| Subject | RE: [IB-Architect] Politically Correct Backdoor |
|---|---|
| Author | Jeroen W. Pluimers (All I'M) |
| Post date | 2001-01-10T18:49:58Z |
> Cert has published the vulnerability atThere is a typo in the CERT bulletin:
>
> http://www.kb.cert.org/vuls/id/247371
<<
It turns out the LOCKSMITH is an entity needed to allow "authorized"
interaction with the security accounts database between services. This
LOCKSMITH is the user account in question complied into the code with
full-access to the security accounts database by default. The compiled-in
code can be found in the jrd/pwd.h header which defines the macros in
question:
>>'complied' must become 'compiled'.
Jeroen W. Pluimers
All Information Management
http://www.all-im.com