[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kadmind exploits

As mentioned in the announcement, there are known exploit
tools out there for the flaw in kadmind < 0.5.1 with Kerberos 4
support. And they are being used, too.

A successful exploit (or at least one particular exploit) seems to
generate these log entries:

fubar.se kadmind[pid]: krb_rd_req: 39
fubar.se GGGG

I currently don't know if an unsuccessful exploit may generate these as
well (Love knows?)