Slashdot Mirror


MIT Warns of Critical Vulnerabilities in Kerberos 5

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabilities in the software that will allow an attacker to either execute a DoS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

2 of 100 comments

  1. It's a double free, not easy to exploit by Beryllium+Sphere(tm) · Score: 4, Insightful

    Has anyone seen exploit code in the wild yet?

  2. Re:Maybe they should..... by inburito · Score: 3, Insightful

    Umm.. most of the .mit.edu computers are students' own dorm room computers. MIT doesn't care what people do with them unless they start disrupting the network operations.

    It is a pretty good deal with a fixed IP address, your own MIT domain name and a direct hookup without any extra firewalls or NATs. I know I like mine. However, smarter than average kids do not necessarily good sys admins make. A hack on an "MIT" computer seems to enjoy questionable prestige, especially in Asia, even though nobody ever hacks the university's computers.. just random people's personal ones. What's so great about defacing some bio-major's laptop..