From owner-freebsd-security  Thu Jun 15  6:51: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from kobayashi.uits.iupui.edu (kobayashi.uits.iupui.edu [134.68.11.80])
	by hub.freebsd.org (Postfix) with ESMTP id CF04237BD12
	for <freebsd-security@freebsd.org>; Thu, 15 Jun 2000 06:50:51 -0700 (PDT)
	(envelope-from ajk@iu.edu)
Received: from localhost (ajk@localhost)
	by kobayashi.uits.iupui.edu (8.9.3/8.9.3) with ESMTP id IAA45770
	for <freebsd-security@freebsd.org>; Thu, 15 Jun 2000 08:50:50 -0500 (EST)
	(envelope-from ajk@iu.edu)
Date: Thu, 15 Jun 2000 08:50:50 -0500 (EST)
From: "Andrew J. Korty" <ajk@iu.edu>
X-Sender: ajk@kobayashi.uits.iupui.edu
To: freebsd-security@freebsd.org
Subject: Kerberos IV DoS
Message-ID: <Pine.BSF.4.21.0006150844340.45687-100000@kobayashi.uits.iupui.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Has the effects of CERT Advisory CA-2000-11 on FreeBSD been
addressed?  Our version of Kerberos IV should not be affected,
but the MIT advisory at

	http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt

states that Kerberos V vulnerability depends on the underlying
malloc() implementation.

-- 
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message