Jacques A. Vidrine
nectar at FreeBSD.org
Thu Mar 18 06:00:54 PST 2004
On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?
The base system OpenSSL has no support for implementing the Kerberos
ciphersuites (the OpenSSL code is extremely MIT Kerberos specific).
The ports system OpenSSL appears to have no support, either.
If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* enables
the Kerberos options, *and* has all ciphersuites (or at least the
Kerberos ciphersuites) specified in your application's configuration,
then you might be affected. But that has nothing to do with FreeBSD.
Thus, answering your question again:
Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
Kerberos ciphersuites" security problem?
No, FreeBSD is not.
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
More information about the freebsd-security