Bugtraq mailing list archives
Re: Kerberos security vulnerability in SSH-1.2.27
From: carson () TLA ORG (Carson Gaspar)
Date: Sun, 2 Jul 2000 17:51:15 -0400
<sigh> I patched Kerberos support in a previous SSH 1.2.x release, but it never made it back into the source. The whole ticket handling disaster should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah" and unlinking whatever is after FILE: is _very_ _bad_.

If anyone cares, the patches are on the CD that comes with the SSH book, and should be easily forward portable. They were quick fixes for the _obviously_ bad things, and should probably be audited more thoroughly.

--
Carson Gaspar -- carson () tla org
Queen Trapped in a Butch Body
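The pattern the message warns about (treating everything after "FILE:" in KRB5CCNAME as a path and unlinking it) next to a checked alternative, as an added example that is not from the post, the SSH source, or the patches it mentions. The function name ccache_unlink_checked and its acceptance policy (absolute path, regular file, owned by the ticket owner, single link) are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from SSH 1.2.x): remove a credential cache named
 * by a KRB5CCNAME-style value only when it is a "FILE:" cache that resolves
 * to a plain file owned by `owner`. Returns 0 if unlinked, -1 if refused. */
int ccache_unlink_checked(const char *ccname, uid_t owner)
{
    static const char prefix[] = "FILE:";
    const size_t plen = sizeof(prefix) - 1;
    struct stat st;

    /* Refuse unset values, other cache types and untyped strings instead
     * of assuming everything after the fifth byte is a path. */
    if (ccname == NULL || strncmp(ccname, prefix, plen) != 0)
        return -1;

    const char *path = ccname + plen;
    if (path[0] != '/')                 /* absolute paths only */
        return -1;

    /* lstat() does not follow a symlink in the last component. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner || st.st_nlink != 1)
        return -1;

    /* The checks narrow the window but cannot close the lstat/unlink race;
     * a privileged caller should also switch to the owner's uid first. */
    return unlink(path) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values; the helper refuses every one of them. */
    const char *samples[] = { "FILE:relative/cc", "MEMORY:cc", "/tmp/krb5cc_example" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i],
               ccache_unlink_checked(samples[i], geteuid()));
    return 0;
}
```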