Return to errata.html CVS log | Up to [local] / www |
version 1.496, 2004/05/30 23:36:48 | version 1.497, 2004/05/31 17:23:05 | ||
---|---|---|---|
|
|
||
<li><a name="kerberos"></a> | <li><a name="kerberos"></a> | ||
<font color="#00900"><strong>009: SECURITY FIX: May 30, | <font color="#00900"><strong>009: SECURITY FIX: May 30, | ||
2004</strong></font><br> | 2004</strong></font><br> | ||
A flaw in the Kerberos V <A | A flaw in the Kerberos V <a | ||
HREF="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a> | href="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a> | ||
server could result in the administrator of a Kerberos realm having | server could result in the administrator of a Kerberos realm having | ||
the ability to impersonate any principal in any other realm which | the ability to impersonate any principal in any other realm which | ||
has established a cross-realm trust with their realm. The flaw is due to | has established a cross-realm trust with their realm. The flaw is due to | ||
inadequate checking of the "transited" field in a Kerberos request. For | inadequate checking of the "transited" field in a Kerberos request. For | ||
more details see <A HREF="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> | more details see <a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/"> | ||
Heimdal's announcement</A>. | Heimdal's announcement</A>. | ||
<br> | <br> | ||
<a | <a | ||
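Review bot: the tag-case cleanup in this hunk is incomplete on the Heimdal announcement link. The new side opens it with `<a href="http://www.pdc.kth.se/heimdal/advisory/2004-04-01/">` but still closes it with `</A>`, so the element now opens in lowercase and closes in uppercase. Change the close to `</a>`, matching the kdc(8) link a few lines above, which already ends in `</a>`. Separately, the unchanged `<font color="#00900">` line carries a five-digit hex value on both sides; a colour of this form needs six digits, so it is worth correcting in the same pass rather than relying on how browsers parse the short value.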
|
|
||
2004</strong></font><br> | 2004</strong></font><br> | ||
With the introduction of IPv6 code in | With the introduction of IPv6 code in | ||
<a | <a | ||
href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">xdm(1)</a>, | href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html">xdm(1)</a>, | ||
one test on the 'requestPort' resource was deleted by accident. This | one test on the 'requestPort' resource was deleted by accident. This | ||
makes xdm create the chooser socket even if xdmcp is disabled in | makes xdm create the chooser socket even if xdmcp is disabled in | ||
xdm-config, by setting requestPort to 0. See | xdm-config, by setting requestPort to 0. See |