version 1.286, 2000/12/08 04:01:23 |
version 1.287, 2000/12/08 16:13:16 |
|
|
1. A symlink problem was discovered in the KerberosIV password checking |
1. A symlink problem was discovered in the KerberosIV password checking |
routines /usr/bin/su and /usr/bin/login, which makes it possible for a |
routines /usr/bin/su and /usr/bin/login, which makes it possible for a |
local user to overwrite any file on the local machine.<p> |
local user to overwrite any file on the local machine.<p> |
2. It is possible to specify to specify environment variables in telnet |
2. It is possible to specify environment variables in telnet |
which will be passed over the to the remote host. This makes it |
which will be passed over the to the remote host. This makes it |
possible to set environment variables on the remote side, including |
possible to set environment variables on the remote side, including |
ones that have special meaning on the server. It is not clear at this |
ones that have special meaning on the server. It is not clear at this |