Author: JT Smith
From BSD Today: “OpenBSD has announced a security fix for two problems that were discovered in KerberosIV code.
According to a posting to the OpenBSD security announcements list, a symlink problem was
discovered which makes it possible for a local user to overwrite any file on the local machine if you
have enabled KerberosIV in /etc/kerberosIV/krb.conf. And, if you use telnetd and you accept insecure
cleartext passwords, the announcement says, special environment variables may be set on the remote
side.”
According to a posting to the OpenBSD security announcements list, a symlink problem was
discovered which makes it possible for a local user to overwrite any file on the local machine if you
have enabled KerberosIV in /etc/kerberosIV/krb.conf. And, if you use telnetd and you accept insecure
cleartext passwords, the announcement says, special environment variables may be set on the remote
side.”
Category:
- Linux
