8343733562
CVE-2016-2400 kadmind(8) was not checking for 'add' permission to aliases added via kadm5_modify_principal(). This is a security vulnerability. The impact of this vulnerability is mostly minor because most sites that use kadmind(8) generally grant roughly the same level of permissions to all administrators. However, the impact will be higher for sites that grant modify privileges to large numbers of less-privileged users. From what we know of existing deployments of Heimdal, it seems very likely that the impact of this vulnerability will be minor for most sites.
10 lines
340 B
Plaintext
10 lines
340 B
Plaintext
foo/admin@TEST.H5L.SE all
|
|
bar@TEST.H5L.SE all
|
|
baz@TEST.H5L.SE get,add *
|
|
bez@TEST.H5L.SE get,add *@TEST.H5L.SE
|
|
fez@TEST.H5L.SE get,add
|
|
hasalias@TEST.H5L.SE get,mod hasalias@TEST.H5L.SE
|
|
hasalias@TEST.H5L.SE get,add goodalias1@TEST.H5L.SE
|
|
hasalias@TEST.H5L.SE get,add goodalias2@TEST.H5L.SE
|
|
hasalias@TEST.H5L.SE get,add goodalias3@TEST.H5L.SE
|