Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit
* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]

Commit By: tlyu



Revision: 18420
Changed Files:
U trunk/src/appl/bsd/krcp.c
U trunk/src/appl/bsd/krshd.c
U trunk/src/appl/bsd/login.c
U trunk/src/appl/bsd/v4rcp.c
U trunk/src/appl/gssftp/ftpd/ftpd.c
U trunk/src/clients/ksu/main.c
U trunk/src/lib/krb4/kuserok.c
From: tlyu@mit.edu
Subject: SVN Commit
pull up r18420 from trunk

r18420@cathode-dark-space: tlyu | 2006-08-08 15:26:40 -0400
ticket: new
subject: fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
target_version: 1.5.1
tags: pullup

* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]



Commit By: tlyu



Revision: 18421
Changed Files:
_U branches/krb5-1-5/
U branches/krb5-1-5/src/appl/bsd/krcp.c
U branches/krb5-1-5/src/appl/bsd/krshd.c
U branches/krb5-1-5/src/appl/bsd/login.c
U branches/krb5-1-5/src/appl/bsd/v4rcp.c
U branches/krb5-1-5/src/appl/gssftp/ftpd/ftpd.c
U branches/krb5-1-5/src/clients/ksu/main.c
U branches/krb5-1-5/src/lib/krb4/kuserok.c