[14930] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS

daemon@ATHENA.MIT.EDU (Assar Westerlund)
Wed May 17 15:14:14 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <5lzopq9k56.fsf@assaris.sics.se>
Date:         Wed, 17 May 2000 00:59:16 +0200
Reply-To: Assar Westerlund <assar@SICS.SE>
From: Assar Westerlund <assar@SICS.SE>
X-To:         kerberos@MIT.EDU, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  "Jeffrey I. Schiller"'s message of "Tue, 16 May 2000 15:09:05
              -0400"

"Jeffrey I. Schiller" <jis@MIT.EDU> writes:
>               BUFFER OVERRUN VULNERABILITIES IN KERBEROS

[ ... ]

> VULNERABLE DISTRIBUTIONS AND PROGRAMS:
>
> Source distributions which may contain vulnerable code include:
>
>        MIT Kerberos 5 releases krb5-1.0.x, krb5-1.1, krb5-1.1.1
>
>        MIT Kerberos 4 patch 10, and likely earlier releases as well
>
>        KerbNet (Cygnus implementation of Kerberos 5)
>
>        Cygnus Network Security (CNS -- Cygnus implementation of
>               Kerberos 4)

I would just like to add that neither of these distributions are
vulnerable:

        KTH krb4
        KTH Heimdal

/assar


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[14930] in bugtraq

Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS

daemon@ATHENA.MIT.EDU (Assar Westerlund)Wed May 17 15:14:14 2000

daemon@ATHENA.MIT.EDU (Assar Westerlund)
Wed May 17 15:14:14 2000