Bugtraq mailing list archives
Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc
From: proff () SUBURBIA NET (Julian Assange)
Date: Sat, 27 Sep 1997 18:14:36 +1000
[..]
The vulnerability stems from an incorrect interpretation of the situation which occurs when an AFS klog binary is not found by login.dce. If there is a klog binary in ANY of the following standard locations, the vulnerability will NOT occur: /opt/dcelocal/bin/klog
Two words. Resource. Starvation. [..]
A workaround is possible as well: simply install any program which produces output on stdout in one of the standard klog locations.
[..]
(A "hello, world" program or shell script is sufficient; as long as it puts something on stdout, it's good enough. Optimally, install the actual AFS klog program in one of the above locations.)
Two words. Resource. Starvation. Nice to see CERT advisories have become totally unmoderated :) -- Prof. Julian Assange |Little Fly, Thy Summer's Play My thoughtless hand Has |Brush'd away. Am not I A fly like thee? Or are thou A proff () iq org |man like me? For I dance, And drink, and sing, Till proff () gnu ai mit edu |some blind hand Shall brush my wing. -Blake
Current thread:
- CERT Vendor-Initiated Bulletin VB-97.08 - Transarc Aleph One (Sep 25)
- Re: BoS: CERT Vendor-Initiated Bulletin VB-97.08 - Transarc Julian Assange (Sep 27)
- msql access control John W. Temples (Sep 27)
- kerneld and module security Aleph One (Sep 28)
- SSH/X11 vulnerability Ulrich Flegel (Sep 30)