Skip Menu |

From Wed Jan 26 18:46:37 2000
by (8.9.3/8.9.3) with SMTP id SAA27995
for <bugs@RT-11.MIT.EDU>; Wed, 26 Jan 2000 18:46:33 -0500 (EST)
Received: from by MIT.EDU with SMTP
id AA21494; Wed, 26 Jan 00 18:46:02 EST
Received: from ( [])
by (8.9.3/8.9.3) with ESMTP id SAA11009
for <>; Wed, 26 Jan 2000 18:46:31 -0500 (EST)
Received: (from jim@localhost)
by (8.9.1/8.9.1) id SAA15961
for; Wed, 26 Jan 2000 18:46:28 -0500 (EST)
Message-Id: <>
Date: Wed, 26 Jan 2000 18:46:27 -0500
From: Jim Paris <>
To: krb5-bugs@MIT.EDU
Subject: Security

Show quoted text
>Number: 818
>Category: krb5-clients
>Synopsis: Security
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 26 18:47:00 EST 2000
>Last-Modified: Tue Sep 18 17:46:12 EDT 2001
>Originator: Jim Paris
I've found a somewhat nasty bug in one of the Kerberos utilities that
allows any local users to gain root. I just finished developing a
working exploit for Linux and verified that it does, in fact, work.
Since this affects a lot of machines (including all Athena machines
here at MIT), I'd like to see a fix before I post details to Bugtraq.
Who should I talk to about this?

Show quoted text

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue Feb 22 16:31:16 2000

Reformat, fix category.

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Sep 18 17:42:32 2001

Fixed out of band a while ago. For the record, these were the krb4
rd_req hole and the pre-1.1.1 ksu hole.

Show quoted text