Slashdot Mirror


Critical Kerberos Flaw Revealed

doi writes "ZD Net is carrying a story about '...a critical flaw that could allow hackers to circumvent the secure networking system...The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially formed request to gain access to the KDC with the privileges of a user running kadmind4.' It affects all MIT-derived versions of Kerberos 4 and 5."

4 of 197 comments

  1. Re:Question by c13v3rm0nk3y · Score: 5, Funny
    What the flaming fuck does kerberos do anyway?

    Kerberos makes it really difficult to do any work at MIT. It's a software product designed by faculty to slow up research projects by students.

    The reasons for this are twofold: ensure longer paths to tenure, and keep smart students from publishing too quickly and making their profs look bad.

    --
    -- clvrmnky
  2. a first in the security world by carpe_noctem · Score: 5, Funny

    Well, Microsoft is currently working on their own implementation of Kerberos, Microsoft Kerberos. I've seen about a half-dozen root exploits for MIT kerberos, but none yet for MS kerb. I guess this is really a first for the boys in blue. ;]

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  3. Re:Question by Waffle+Iron · Score: 5, Funny
    What the flaming fuck does kerberos do anyway?

    Kerberos is a three-headed dog that guards the gates of hell. A flaw in Kerberos is a serious situation because if it fails, all hell could break loose.

  4. Re:Is this really pertinent? by carpe_noctem · Score: 5, Funny

    I completely agree. I say that people wait until the respective worm comes out for the said vulnerability, then post an article about that, where hundreds of /. comments will mock stupid people for not patching their systems. =)

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K