![[BACK]](/icons/back.gif){kind=icon}
Return to errata.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to errata.html CVS log | Up to [local] / www |
| version 1.496, 2004/05/30 23:36:48 | version 1.497, 2004/05/31 17:23:05 | ||
|---|---|---|---|
|
|
||
| <li><a name="kerberos"></a> | <li><a name="kerberos"></a> | ||
| <font color="#00900"><strong>009: SECURITY FIX: May 30, | <font color="#00900"><strong>009: SECURITY FIX: May 30, | ||
| 2004</strong></font><br> | 2004</strong></font><br> | ||
| A flaw in the Kerberos V <A | A flaw in the Kerberos V <a | ||
| HREF="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a> | href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a> | ||
| server could result in the administrator of a Kerberos realm having | server could result in the administrator of a Kerberos realm having | ||
| the ability to impersonate any principal in any other realm which | the ability to impersonate any principal in any other realm which | ||
| has established a cross-realm trust with their realm. The flaw is due to | has established a cross-realm trust with their realm. The flaw is due to | ||
| inadequate checking of the "transited" field in a Kerberos request. For | inadequate checking of the "transited" field in a Kerberos request. For | ||
| more details see <A HREF="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> | more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> | ||
| Heimdal's announcement</A>. | Heimdal's announcement</A>. | ||
| <br> | <br> | ||
| <a | <a | ||
|
|
||
| 2004</strong></font><br> | 2004</strong></font><br> | ||
| With the introduction of IPv6 code in | With the introduction of IPv6 code in | ||
| <a | <a | ||
| href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">xdm(1)</a>, | href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">xdm(1)</a>, | ||
| one test on the 'requestPort' resource was deleted by accident. This | one test on the 'requestPort' resource was deleted by accident. This | ||
| makes xdm create the chooser socket even if xdmcp is disabled in | makes xdm create the chooser socket even if xdmcp is disabled in | ||
| xdm-config, by setting requestPort to 0. See | xdm-config, by setting requestPort to 0. See |