From BSD Today: "OpenBSD has announced a security fix for two problems that were discovered in KerberosIV code.
According to a posting to the OpenBSD security announcements list, a symlink problem was
discovered which makes it possible for a local user to overwrite any file on the local machine if you
have enabled KerberosIV in /etc/kerberosIV/krb.conf. And, if you use telnetd and you accept insecure
cleartext passwords, the announcement says, special environment variables may be set on the remote
December 9, 2000