[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 21 Mar 2007 12:33:52 -0400

Kim Kimball wrote:
> My reading of this says that network traffic from a server can be
> spoofed, in general, since an anonymous user will operate over an
> unauthenticated connection.  If so it seems it would be possible to
> place a file in the cache as well as spoof status.

As is true for all network traffic that is not protected against
tampering, it is theoretically possible for a man in the middle to alter
the contents of a data stream.

I hope this is not a surprise to anyone.

Jeffrey Altman
Secure Endpoints Inc.