Slashdot Mirror


Critical Kerberos Flaw Revealed

doi writes "ZD Net is carrying a story about '...a critical flaw that could allow hackers to circumvent the secure networking system...The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially formed request to gain access to the KDC with the privileges of a user running kadmind4.' It affects all MIT-derived versions of Kerberos 4 and 5."

6 of 197 comments

  1. non-news by Anonymous Coward · Score: -1, Troll

    Microsoft has had a patch out for days now. How long before Linux and OpenBSD catch up?

  2. MIT is for bitches by Anonymous Coward · Score: -1, Troll

    Little, whiny, open-source-loving bitches who will never ever get the pussy. Hah, eat this boys!

  3. Question by Raven42rac · Score: -1, Troll

    What the flaming fuck does kerberos do anyway?

    --
    I hate sigs.
  4. This is more on-topic by cscx · Score: 0, Troll

  5. Crack Tool by Anonymous Coward · Score: -1, Troll

    So is there an exploit making the rounds yet? It seems that these people are working on a Crackall ready.

  6. RMS is going to be pissed by Billly+Gates · Score: -1, Troll

    sigh

    It's pronounced Gnu/kerberos