Date: Thu, 18 Mar 2004 12:32:53 -0800 (PST) From: Rostislav Krasny <rosti_bsd@yahoo.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.org> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD-SA-04:05.openssl question Message-ID: <20040318203253.27206.qmail@web14803.mail.yahoo.com> In-Reply-To: <20040318133837.GB11791@lum.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--- "Jacques A. Vidrine" <nectar@FreeBSD.org> wrote: > On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote: > > Do you imply that applications with ability to use Kerberos > > ciphersuites are impossible to be implemented for current versions > > of FreeBSD? > > The base system OpenSSL has no support for implementing the Kerberos > ciphersuites (the OpenSSL code is extremely MIT Kerberos specific). > > The ports system OpenSSL appears to have no support, either. Finally someone gave a good explanation to my question. This explanation is quite enough to understand that FreeBSD is not vulnerable to mentioned OpenSSL flaw. Thank you! > If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* > enables the Kerberos options, *and* has all ciphersuites (or at least > the Kerberos ciphersuites) specified in your application's > configuration, then you might be affected. But that has nothing to > do with FreeBSD. > Thus, answering your question again: > > Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects > Kerberos ciphersuites" security problem? > > No, FreeBSD is not. Thank you again for solely correct answer. __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040318203253.27206.qmail>