From owner-freebsd-security  Wed Jun 14 18:29:16 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id SAA14148
          for security-outgoing; Wed, 14 Jun 1995 18:29:16 -0700
Received: from beta.wsl.sinica.edu.tw (beta.wsl.sinica.edu.tw [140.109.7.2])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id SAA14137
          for <security@freebsd.org>; Wed, 14 Jun 1995 18:28:55 -0700
From: ywliu@beta.wsl.sinica.edu.tw
Message-Id: <199506150128.SAA14137@freefall.cdrom.com>
Received: by beta.wsl.sinica.edu.tw
	(1.37.109.8/16.2) id AA14258; Thu, 15 Jun 1995 09:23:24 +0800
Date: Thu, 15 Jun 1995 09:23:24 +0800
To: security@freebsd.org
Subject: FreeBSD vulnerability in S/Key
Newsgroups: comp.security.announce
Sender: security-owner@freebsd.org
Precedence: bulk

Hi, 

I read the following on comp.security.announce

>CERT Vendor-Initiated Bulletin VB-95:04
>June 14, 1995
>
>Topic:  Logdaemon/FreeBSD vulnerability in S/Key
>Source: Wietse Venema (wietse@wzv.win.tue.nl)
>
>A vulnerability exists in my own S/Key software enhancements.  Since
>these enhancements are in wide-spread use, a public announcement is 
>appropriate.  The vulnerability affects the following products:
>
>        FreeBSD version 1.1.5.1
>        FreeBSD version 2.0
>        logdaemon versions before 4.9

I am not familiar with S/Key, so my question is : I am using MD5 rather than
DES, is this relevent ? Am I supposed to patch my system ?

Also, is this fixed in 2.0.5 ?

--
Yen-Wei Liu 
Internet e-mail address:ywliu@beta.wsl.sinica.edu.tw
			ywliu@gate.sinica.edu.tw
FAX: +886-2-783-6444