Bugtraq: Re: Kerberos security vulnerability in SSH-1.2.27

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Kerberos security vulnerability in SSH-1.2.27

From: carson () TLA ORG (Carson Gaspar)
Date: Sun, 2 Jul 2000 17:51:15 -0400


<sigh> I patched kerberos support in a previous SSH 1.2.x release, but it
never made it back into the source. The whole ticket handling disaster
should be ripped out and re-done. Assuming KRB5CCNAME contains "FILE:blah"
and unlinking whatever is after FILE: is _very_ _bad_.

If anyone cares, the patches are on the CD that comes with the SSH book, and
should be easily forward portable. They were quick fixes for the _obviously_
bad things, and should probably be audited more thoroughly.

--
Carson Gaspar -- carson () tla org
Queen Trapped in a Butch Body

By Date By Thread

Current thread:

Kerberos security vulnerability in SSH-1.2.27 Richard E. Silverman (Jun 30)
- Re: Kerberos security vulnerability in SSH-1.2.27 Carson Gaspar (Jul 02)
  - Re: Kerberos security vulnerability in SSH-1.2.27 Dug Song (Jul 06)
- [RHSA-2000:041-02] man package's 'makewhatis' uses insecure handling of files in /tmp bugzilla () REDHAT COM (Jul 03)
- Re: Kerberos security vulnerability in SSH-1.2.27 Schlachter, Jake (Jul 05)
  - Re: Kerberos security vulnerability in SSH-1.2.27 Atro Tossavainen (Jul 06)
- <Possible follow-ups>
- Re: Kerberos security vulnerability in SSH-1.2.27 anne () SSH COM (Jul 07)