From: "Jacques A. Vidrine"
To: Rostislav Krasny
Cc: Dag-Erling Smørgrav, freebsd-security@freebsd.org
Date: Thu, 18 Mar 2004 07:38:37 -0600
Subject: Re: FreeBSD-SA-04:05.openssl question

On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?

The base system OpenSSL has no support for implementing the Kerberos
ciphersuites (the OpenSSL code is extremely MIT Kerberos specific).
The ports system OpenSSL appears to have no support, either.

If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* enables
the Kerberos options, *and* has all ciphersuites (or at least the
Kerberos ciphersuites) specified in your application's configuration,
then you might be affected. But that has nothing to do with FreeBSD.

Thus, answering your question again:

Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
Kerberos ciphersuites" security problem?

No, FreeBSD is not.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
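
A check for the conditions listed in the reply above, added here as an example and not part of the original message: it expands a cipher string with the local OpenSSL build and reports any Kerberos ciphersuites it enables. The function names are hypothetical, and the sample listing is constructed in the shape of `openssl ciphers -v` output.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the sample listing below is constructed.

# Print the names of Kerberos ciphersuites found in `openssl ciphers -v`
# output read from stdin. Exit status is 0 if any were found, 1 otherwise.
krb5_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i == "Kx=KRB5" || $i == "Au=KRB5") {
                print $1; found = 1; break
            }
    } END { exit !found }'
}

# Expand an application's cipher string with the local OpenSSL build and
# list the Kerberos suites it would enable. An error from openssl (for
# example an unrecognised cipher string) is treated as "no Kerberos suites".
krb5_enabled_by() {
    openssl ciphers -v "${1:-ALL}" 2>/dev/null | krb5_suites
}

# Constructed sample: what a build with the Kerberos options enabled
# could list, mixed with non-Kerberos suites.
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
KRB5-DES-CBC3-SHA       SSLv3 Kx=KRB5     Au=KRB5 Enc=3DES(168) Mac=SHA1
KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EOF
}

# Demonstration on the constructed sample: prints the two KRB5 suite names.
sample_listing | krb5_suites
```

On a real host, call `krb5_enabled_by` with the cipher string from the application's configuration; empty output means that build and configuration do not enable any Kerberos ciphersuite.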