>>>>> "Micah" == Micah Anderson <[EMAIL PROTECTED]> writes:
Micah> Package: openssh-krb5 Severity: important Tags: security Micah> CAN-2005-2798[1] reads: Micah> sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials Micah> is enabled, allows GSSAPI credentials to be delegated to Micah> clients who log in using non-GSSAPI methods, which could Micah> cause those credentials to be exposed to untrusted users or Micah> hosts. Micah> Since GASSAPI features are enabled in openssh-krb5/ssh-krb5 Micah> and the source package tends to use older gassapi source, Micah> so it is likely these binaries are vulnerable. Could someone explain to me why this is a problem? I actually use this as a feature regularly. If you don't want the other end of the connection to have your credentials, why are you shoving them over the wire. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]