Your message dated Mon, 17 Nov 2008 13:37:26 -0800
with message-id <877i72qbjd.fsf@windlord.stanford.edu>
and subject line Re: Bug#327233: CAN-2005-2798: GSSAPI credentials inadvertantly exposed through improper delegation
has caused the Debian Bug report #327233,
regarding CAN-2005-2798: GSSAPI credentials inadvertantly exposed through improper delegation
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
327233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327233
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: CAN-2005-2798: GSSAPI credentials inadvertantly exposed through improper delegation
- From: Micah Anderson <micah@riseup.net>
- Date: Thu, 08 Sep 2005 10:11:53 -0500
- Message-id: <20050908151154.8EA2289C@yar>
Package: openssh-krb5
Severity: important
Tags: security

CAN-2005-2798[1] reads:

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Since GSSAPI features are enabled in openssh-krb5/ssh-krb5 and the source package tends to use older GSSAPI source, it is likely these binaries are vulnerable.

GSSAPI is disabled in the main openssh binary packages, but the bug is still present in the source (see #326065), so this separate bug is filed against this package.

Please mention this CAN number in any changelog entries that fix this issue.

1. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2798

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
--- End Message ---
--- Begin Message ---
- To: 327233-done@bugs.debian.org
- Subject: Re: Bug#327233: CAN-2005-2798: GSSAPI credentials inadvertantly exposed through improper delegation
- From: Russ Allbery <rra@debian.org>
- Date: Mon, 17 Nov 2008 13:37:26 -0800
- Message-id: <877i72qbjd.fsf@windlord.stanford.edu>
Version: 1:4.3p2-7

The separate openssh-krb5 package was made obsolete by including the GSSAPI support in the regular openssh builds as of 1:4.3p2-7, and the code included there had a patch for this bug.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
--- End Message ---