From owner-freebsd-security Tue Apr 29 23:39:21 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id XAA09583 for security-outgoing; Tue, 29 Apr 1997 23:39:21 -0700 (PDT)
Received: from grackle.grondar.za (grackle.grondar.za [196.7.18.131]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA09577 for ; Tue, 29 Apr 1997 23:39:15 -0700 (PDT)
Received: from grackle.grondar.za (localhost [127.0.0.1]) by grackle.grondar.za (8.8.5/8.8.4) with ESMTP id IAA03856; Wed, 30 Apr 1997 08:38:55 +0200 (SAT)
Message-Id: <199704300638.IAA03856@grackle.grondar.za>
To: Robert N Watson
cc: security@freebsd.org
Subject: Re: vulnerabilities in kerberos (fwd)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 30 Apr 1997 08:38:52 +0200
From: Mark Murray
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 29 Apr 1997 19:51:29 -0400 (EDT), Robert N Watson wrote:
> Most of the stuff in this bulletin is not relevant to FreeBSD's eBones
> distribution, as it's Kerberos IV, but near the bottom they start talking
> about some Kerberos IV stuff that was vulnerable in OpenBSD's KerbIV stuff
> until recently.

OK...

> BTW, is anyone actively maintaining the Kerberos code in FreeBSD? Have we

Yes. Me. (But I have been kinda slack).

> given any thought to bringing in the Kth code instead, as it's more
> modern, etc? I've noticed, also, that the Krb distribution for FreeBSD
> doesn't include the kerberos-authenticated FTPd, so one has to make that
> independently and set flags appropriately. That should probably be
> corrected.

I am going to commit KTH eBones one of these days (RSN). I have been
INCREDIBLY busy at work, and owe them a lot of time for sick leave
last year.

KTH has a lot of nice toys, and they fix very many problems, like
multi-homed hosts, some buffer overruns, etc.

I have a license to bring in Kerberos5 as well. That code _really_
sucks, though. It is all over the place, and getting it "bmaked" is a
much longer term project.

M
--
Mark Murray                PGP key fingerprint = 80 36 6E 40 83 D6 8A 36
This .sig is umop ap!sdn.                        BC 06 EA 0E 7A F2 CE CE