Date: Wed, 09 Aug 2000 18:12:29 -0500 From: Oscar Ricardo Silva <oscars@mail.utexas.edu> To: freebsd-security@FreeBSD.ORG Subject: Re: Setting up kerberos server on FreeBSD 4.x Message-ID: <4.3.2.7.2.20000809181113.00b9b7d0@mail.utexas.edu> In-Reply-To: <Pine.BSF.4.21.0008091542310.57195-100000@freefall.freebsd. org> References: <4.3.2.7.2.20000809172222.00b489e0@mail.utexas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 03:44 PM 8/9/00 -0700, Kris Kennaway, you wrote: >On Wed, 9 Aug 2000, Oscar Ricardo Silva wrote: > > > One other minor question: Is the recent vulnerability found in Kerberos 4 > > fixed in FreeBSD 4.1 ? I saw that 3.5.1 was released but the only thing > > different from 3.5 was changes in the kerberos code. > >Well, what does the advisory tell you? > >Kris OK, found the answer to that one in FreeBSD-SA-00:33.kerberosIV.asc: At the time it was believed that the implementation of Kerberos distributed with FreeBSD was not vulnerable to these problems, but it was later discovered that FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in fact vulnerable to at least some of these vulnerabilities. FreeBSD 4.0-RELEASE and later are unaffected by this problem, although FreeBSD 3.5-RELEASE is vulnerable. Should've just looked a little further and RTFM. Oscar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20000809181113.00b9b7d0>