Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Kerberos Flaw Revealed

Posted by CowboyNeal on from the locking-down-the-network dept.

doi writes "ZD Net is carrying a story about '...a critical flaw that could allow hackers to circumvent the secure networking system...The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially formed request to gain access to the KDC with the privileges of a user running kadmind4.' It affects all MIT-derived versions of Kerberos 4 and 5."

1 of 197 comments (clear)

  1. Come on, better title please. by antis0c · · Score: 1, Redundant

    Critical Kerberos Flaw Revealed

    That would lead me to believe that a critical flaw in Kerberos itself was discovered, as in a flaw in the design. Critical Kerberos Exploit Revealed might have been more suitable, but at first I thought Kerberos was essentially broken.

    Whew.

    --

    ..There's a-dooin's a-transpirin'