From jim@jtan.com Wed Jan 26 18:46:37 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id SAA27995
for <bugs@RT-11.MIT.EDU>; Wed, 26 Jan 2000 18:46:33 -0500 (EST)
Received: from ganymede.jtan.com by MIT.EDU with SMTP
id AA21494; Wed, 26 Jan 00 18:46:02 EST
Received: from io.jtan.net (jim@io.jtan.com [207.106.84.176])
by ganymede.jtan.net (8.9.3/8.9.3) with ESMTP id SAA11009
for <krb5-bugs@mit.edu>; Wed, 26 Jan 2000 18:46:31 -0500 (EST)
Received: (from jim@localhost)
by io.jtan.net (8.9.1/8.9.1) id SAA15961
for krb5-bugs@mit.edu; Wed, 26 Jan 2000 18:46:28 -0500 (EST)
Message-Id: <20000126184627.A15861@jtan.com>
Date: Wed, 26 Jan 2000 18:46:27 -0500
From: Jim Paris <jim@jtan.com>
To: krb5-bugs@MIT.EDU
Subject: Security
>Number: 818
>Category: krb5-clients
>Synopsis: Security
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 26 18:47:00 EST 2000
>Last-Modified: Tue Sep 18 17:46:12 EDT 2001
>Originator: Jim Paris
>Organization:
>Release:
>Environment:
>Description:
I've found a somewhat nasty bug in one of the Kerberos utilities that
allows any local users to gain root. I just finished developing a
working exploit for Linux and verified that it does, in fact, work.
Since this affects a lot of machines (including all Athena machines
here at MIT), I'd like to see a fix before I post details to Bugtraq.
Who should I talk to about this?
-jim
>How-To-Repeat:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue Feb 22 16:31:16 2000
Responsible-Changed-Why:
Reformat, fix category.
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Sep 18 17:42:32 2001
State-Changed-Why:
Fixed out of band a while ago. For the record, these were the krb4
rd_req hole and the pre-1.1.1 ksu hole.
>Unformatted: