Date: Thu, 15 Jun 2000 07:53:49 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: "Andrew J. Korty" <ajk@iu.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Kerberos IV DoS Message-ID: <200006151454.e5FEsF463079@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 15 Jun 2000 08:50:50 CDT." <Pine.BSF.4.21.0006150844340.45687-100000@kobayashi.uits.iupui.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.4.21.0006150844340.45687-100000@kobayashi.uits.iupu i.edu>, "Andrew J. Korty" writes: > Has the effects of CERT Advisory CA-2000-11 on FreeBSD been > addressed? Our version of Kerberos IV should not be affected, > but the MIT advisory at > > http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > > states that Kerberos V vulnerability depends on the underlying > malloc() implementation. The Heimdal version of Kerberos V that's in the FreeBSD base is not affected. The krb5 port in the ports collection is affected. I've submitted a PR this morning to address this and the GSSFTP vulnerability patch released by MIT yesterday. The PR number is ports/19301. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006151454.e5FEsF463079>