Revision as of 04:47, 7 October 2007 (view source) Jdhutchin@ugcs.caltech.edu (Talk | contribs) (→Probable Problems) ← Older edit		Revision as of 04:47, 7 October 2007 (view source) Jdhutchin@ugcs.caltech.edu (Talk | contribs) (→Known Problems) Newer edit →
Line 1:		Line 1:
	=Known Problems=		=Known Problems=
−		+	*Users could DoS our kerberos admin server by using the newacct-creator keytab to create lots of new principals. Minor severity
	=Probable Problems=		=Probable Problems=

---

Revision as of 04:47, 7 October 2007

Known Problems

• Users could DoS our kerberos admin server by using the newacct-creator keytab to create lots of new principals. Minor severity

Probable Problems

• All the python we wrote needs to be double-checked
• Kerberos security holes that need to be patched urgently
  • krb5-admin-server: up to date on zeus and that's all we need to worry about in terms of major major exploits at the moment --Elizabeth@ugcs.caltech.edu 05:56, 26 September 2007 (PDT)
• linux-2.6: CVE-2007-4571 and CVE-2007-4573 - local privilege escalation vulnerabilities, extremely serious on amd64. working on backporting a fix and getting it compiled by hephaestus. --Elizabeth@ugcs.caltech.edu 05:56, 26 September 2007 (PDT)
  • Fixed by installing the debian linux-2.6.18-5-dpkg package (forget when)- Joshua

Possible problems

• Cfengine can be used to break into machines