Critical Kerberos Flaw Revealed
doi writes "ZD Net is carrying a story about '...a critical flaw that could allow hackers to circumvent the secure networking system...The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially formed request to gain access to the KDC with the privileges of a user running kadmind4.' It affects all MIT-derived versions of Kerberos 4 and 5."
Kerberos makes it really difficult to do any work at MIT. It's a software product designed by faculty to slow up research projects by students.
The reasons for this are twofold: ensure longer paths to tenure, and keep smart students from publishing too quickly and making their profs look bad.
-- clvrmnky
Well, Microsoft is currently working on their own implementation of Kerberos, Microsoft Kerberos. I've seen about a half-dozen root exploits for MIT kerberos, but none yet for MS kerb. I guess this is really a first for the boys in blue. ;]
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
Kerberos is a three-headed dog that guards the gates of hell. A flaw in Kerberos is a serious situation because if it fails, all hell could break loose.
I completely agree. I say that people wait until the respective worm comes out for the said vulnerability, then post an article about that, where hundreds of /. comments will mock stupid people for not patching their systems. =)
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K