Date: Thu, 15 Jun 1995 13:34:21 +0800 (CST) From: Brian Tao <taob@gate.sinica.edu.tw> To: ywliu@beta.wsl.sinica.edu.tw Cc: security@freebsd.org Subject: Re: FreeBSD vulnerability in S/Key Message-ID: <Pine.BSI.3.91.950615133243.632Q-100000@aries> In-Reply-To: <199506150128.SAA14137@freefall.cdrom.com>
index | next in thread | previous in thread | raw e-mail
On Thu, 15 Jun 1995 ywliu@beta.wsl.sinica.edu.tw wrote:
>
> I am not familiar with S/Key, so my question is : I am using MD5 rather than
> DES, is this relevent ? Am I supposed to patch my system ?
Only if you use the S/Key one-time password system (which isn't
enabled by default). If you don't know what S/Key is, then chances
are your system isn't using them either.
> Also, is this fixed in 2.0.5 ?
Yes, it is:
> FreeBSD current users:
> ======================
> Update your /usr/src/lib/libskey sources and rebuild and
> install libskey (both shared and non-shared versions).
>
> The vulnerability has been fixed with FreeBSD 2.0.5.
--
Brian ("Though this be madness, yet there is method in't") Tao
taob@gate.sinica.edu.tw <-- work ........ play --> taob@io.org
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.91.950615133243.632Q-100000>