Bugtraq mailing list archives

Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc


From: proff () SUBURBIA NET (Julian Assange)
Date: Sat, 27 Sep 1997 18:14:36 +1000


[..]
The vulnerability stems from an incorrect interpretation of the
situation which occurs when an AFS klog binary is not found by
login.dce.

If there is a klog binary in ANY of the following standard locations,
the vulnerability will NOT occur:

        /opt/dcelocal/bin/klog

Two words. Resource. Starvation.

[..]
A workaround is possible as well: simply install any program which
produces output on stdout in one of the standard klog locations.
[..]
(A "hello, world" program or shell script is sufficient; as long as
it puts something on stdout, it's good enough.  Optimally, install
the actual AFS klog program in one of the above locations.)

Two words. Resource. Starvation.

Nice to see CERT advisories have become totally unmoderated :)

--
Prof. Julian Assange  |Little Fly, Thy Summer's Play My thoughtless hand Has
                      |Brush'd away. Am not I A fly like thee? Or are thou A
proff () iq org          |man like me? For I dance, And drink, and sing, Till
proff () gnu ai mit edu  |some blind hand Shall brush my wing. -Blake


