krb5.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Tom Yu <tlyu@mit.edu>	2007-04-03 21:27:25 +0000
committer	Tom Yu <tlyu@mit.edu>	2007-04-03 21:27:25 +0000
commit	cd1c8b8a1a9bfd77eae9fbf29bd3273695019125 (patch)
tree	c2f7273017dc9d9405e5920dda61615913d2f3c9 /src/plugins
parent	f7f39b9dda8998390da542fb9bbc2be563c8a557 (diff)
download	krb5-cd1c8b8a1a9bfd77eae9fbf29bd3273695019125.tar.gz krb5-cd1c8b8a1a9bfd77eae9fbf29bd3273695019125.tar.xz krb5-cd1c8b8a1a9bfd77eae9fbf29bd3273695019125.zip

MITKRB5-SA-2007-001: telnetd allows login as arbitrary user

Fix MITKRB5-SA-2007-001: * src/appl/telnet/telnetd/sys_term.c (start_login): Add "--" argument preceding username, in addition to the original patch. Explicitly check for leading hyphen in username. * src/appl/telnet/telnetd/state.c (envvarok): Check for leading hyphen in environment variables. On advice from Shawn Emery, not using strchr() as in the original patch. ticket: new tags: pullup target_version: 1.6.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19396 dc483132-0cff-0310-8789-dd5450dbe970

Diffstat (limited to 'src/plugins')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: