[unisog] Kerberos 5 su Privilege Escalation Vulnerability

Jose Nazario jose at biocserver.BIOC.cwru.edu
Mon Jan 28 19:50:27 GMT 2002


On Mon, 28 Jan 2002, Fred A. Miller wrote:

> Kerberos 5 su Privilege Escalation Vulnerability
> BugTraq ID: 3919
> Remote: No
> Date Published: Jan 21 2002 12:00A
> Relevant URL:
> http://www.securityfocus.com/bid/3919

this appears to be the heimdal code, not the MIT code. the only known
(listed) vulnerable platforms are freebsd, but since all of the BSDs (and
a few others) use the heimdal/KTH kerberos code, make sure you're up to
date with it unless you know for a fact you're using MIT kerberos.

http://www.pdc.kth.se/heimdal/

on the kth/heimdal site i see no mention of this, so it may be a local
freebsd design/interaction problem. (i don't use freebsd, so i don't know
much about the port or the patches.) however, dig around if you're
worried:

http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/security/heimdal/files/

____________________________
jose nazario						     jose at cwru.edu
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


