Re: FreeBSD-SA-04:05.openssl question

• Previous message: Jacques A. Vidrine: "Re: portaudit"
• In reply to: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Next in thread: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Reply: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 18 Mar 2004 07:38:37 -0600
To: Rostislav Krasny <rosti_bsd@yahoo.com>

On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote:
> Do you imply that applications with ability to use Kerberos
> ciphersuites are impossible to be implemented for current versions of FreeBSD?

The base system OpenSSL has no support for implementing the Kerberos
ciphersuites (the OpenSSL code is extremely MIT Kerberos specific).

The ports system OpenSSL appears to have no support, either.

If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* enables
the Kerberos options, *and* has all ciphersuites (or at least the
Kerberos ciphersuites) specified in your application's configuration,
then you might be affected. But that has nothing to do with FreeBSD.
Thus, answering your question again:

  Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects
  Kerberos ciphersuites" security problem?

No, FreeBSD is not.

Cheers,

-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Jacques A. Vidrine: "Re: portaudit"
• In reply to: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Next in thread: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Reply: Rostislav Krasny: "Re: FreeBSD-SA-04:05.openssl question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: FreeBSD-SA-04:05.openssl question ... > The base system OpenSSL has no support for implementing the Kerberos ... > ciphersuites. ... explanation is quite enough to understand that FreeBSD is not ... (FreeBSD-Security) Re: FreeBSD-SA-04:05.openssl question ... >> Do you imply that applications with ability to use Kerberos ... >> ciphersuites are impossible to be implemented for current versions ... > Instead of asking about impossibility in the abstract, ... (FreeBSD-Security) Re: FreeBSD-SA-04:05.openssl question ... > Do you imply that applications with ability to use Kerberos ... > ciphersuites are impossible to be implemented for current versions of FreeBSD? ... The text before the above quoted "Most applications have no ability..." ... Instead of asking about impossibility in the abstract, ... (FreeBSD-Security) Re: Problems using gssapi authentication from FreeBSD to Linux machines ... work between a FreeBSD host and a Linux host. ... STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens ... but I can't get the Linux box to accept the Kerberos ... (FreeBSD-Security) Re: Problems using gssapi authentication from FreeBSD to Linux machines ... work between a FreeBSD host and a Linux host. ... STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens ... but I can't get the Linux box to accept the Kerberos ... (FreeBSD-Security)