From owner-freebsd-security  Thu Jun 15  7:55:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 396F137B86E
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Jun 2000 07:55:35 -0700 (PDT)
	(envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA23605;
	Thu, 15 Jun 2000 07:55:03 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda23599; Thu Jun 15 07:54:47 2000
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.9.3/8.9.1) id HAA64097;
	Thu, 15 Jun 2000 07:54:47 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdF64081; Thu Jun 15 07:54:15 2000
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.10.2/8.9.1) id e5FEsF463079;
	Thu, 15 Jun 2000 07:54:15 -0700 (PDT)
Message-Id: <200006151454.e5FEsF463079@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdO63072; Thu Jun 15 07:53:49 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: "Andrew J. Korty" <ajk@iu.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Kerberos IV DoS 
In-reply-to: Your message of "Thu, 15 Jun 2000 08:50:50 CDT."
             <Pine.BSF.4.21.0006150844340.45687-100000@kobayashi.uits.iupui.edu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 15 Jun 2000 07:53:49 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.21.0006150844340.45687-100000@kobayashi.uits.iupu
i.edu>,
 "Andrew J. Korty" writes:
> Has the effects of CERT Advisory CA-2000-11 on FreeBSD been
> addressed?  Our version of Kerberos IV should not be affected,
> but the MIT advisory at
> 
> 	http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> 
> states that Kerberos V vulnerability depends on the underlying
> malloc() implementation.

The Heimdal version of Kerberos V that's in the FreeBSD base is not 
affected.  The krb5 port in the ports collection is affected.  I've 
submitted a PR this morning to address this and the GSSFTP 
vulnerability patch released by MIT yesterday.  The PR number is 
ports/19301.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message