Date: Wed, 14 Jun 1995 20:26:16 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: ywliu@beta.wsl.sinica.edu.tw Cc: security@freebsd.org Subject: Re: FreeBSD vulnerability in S/Key Message-ID: <199506150326.UAA02199@gndrsh.aac.dev.com> In-Reply-To: <199506150128.SAA14137@freefall.cdrom.com> from "ywliu@beta.wsl.sinica.edu.tw" at Jun 15, 95 09:23:24 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > Hi, > > I read the following on comp.security.announce > > >CERT Vendor-Initiated Bulletin VB-95:04 > >June 14, 1995 > > > >Topic: Logdaemon/FreeBSD vulnerability in S/Key > >Source: Wietse Venema (wietse@wzv.win.tue.nl) > > > >A vulnerability exists in my own S/Key software enhancements. Since > >these enhancements are in wide-spread use, a public announcement is > >appropriate. The vulnerability affects the following products: > > > > FreeBSD version 1.1.5.1 > > FreeBSD version 2.0 > > logdaemon versions before 4.9 > > I am not familiar with S/Key, so my question is : I am using MD5 rather than > DES, is this relevent ? No, that is not relevant, is what is relevant is if you are using S/Key (ie you have an /etc/skeykeys file) you should do what the CERT advisory tells you to do. > Am I supposed to patch my system ? Propably not, since you don't know what skey is you are probably not using it. > > Also, is this fixed in 2.0.5 ? Yes. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199506150326.UAA02199>