Bugtraq mailing list archives

Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS

From: assar () SICS SE (Assar Westerlund)
Date: Wed, 17 May 2000 00:59:16 +0200


"Jeffrey I. Schiller" <jis () MIT EDU> writes:

              BUFFER OVERRUN VULNERABILITIES IN KERBEROS


[ ... ]

VULNERABLE DISTRIBUTIONS AND PROGRAMS:

Source distributions which may contain vulnerable code include:

       MIT Kerberos 5 releases krb5-1.0.x, krb5-1.1, krb5-1.1.1

       MIT Kerberos 4 patch 10, and likely earlier releases as well

       KerbNet (Cygnus implementation of Kerberos 5)

       Cygnus Network Security (CNS -- Cygnus implementation of
              Kerberos 4)


I would just like to add that neither of these distributions are
vulnerable:

        KTH krb4
        KTH Heimdal

/assar

Current thread:

Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS Assar Westerlund (May 16)
- <Possible follow-ups>
- Re: BUFFER OVERRUN VULNERABILITIES IN KERBEROS Microsoft Security Response Center (May 17)