OpenBSD 2.8 security fix

36

Author: JT Smith

From BSD Today: “OpenBSD has announced a security fix for two problems that were discovered in KerberosIV code.
According to a posting to the OpenBSD security announcements list, a symlink problem was
discovered which makes it possible for a local user to overwrite any file on the local machine if you
have enabled KerberosIV in /etc/kerberosIV/krb.conf. And, if you use telnetd and you accept insecure
cleartext passwords, the announcement says, special environment variables may be set on the remote
side.”

Category:

  • Linux