Slashdot Mirror


MIT Warns of Critical Vulnerabilities in Kerberos 5

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabities in the software that will allow an attacker to either execute a DOS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

6 of 100 comments (clear)

  1. What? by Saturn+SL1-WNY · · Score: 5, Funny

    What doesn't cause a DoS attack now adays? If DOS still stood for Disk Operating System, and we all used that, we'd be safe.

  2. Re:How about in 2K and XP by DaHat · · Score: 2, Funny

    Nay, the windows version is a clean room implementation from the original standard instead of duplicated code.

  3. 'clean room' by MarcQuadra · · Score: 2, Funny

    Judging by how well Microsoft's kerberos plays with others, I'd say it's less of a 'clean room' implementation and more of a 'bachelor pad' or 'dorm suite' implementation.

    --
    "Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
  4. Probably the oldest known security hole by hey! · · Score: 2, Funny

    It's long been known that to get around Kerberos, all you have to do is throw him a sop.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  5. Re:This is old news. by dr_dank · · Score: 3, Funny

    Oh well, guess we had a lot of news going on the past few days...

    Slashdot is still in an uproar over the revelation of the Ewok movies coming to DVD. What did you expect?

    --
    Where does the school board find them and why do they keep sending them to ME?
  6. Re:It's a double free, not easy to exploit by Anonymous Coward · · Score: 2, Funny

    please check out http://252.angelcities.com
    for a tutorial about doug lea's malloc
    and exploiting the heap.

    later