--- "Jacques A. Vidrine" <nectar@FreeBSD.org> wrote: > On Wed, Mar 17, 2004 at 06:20:09PM -0800, Rostislav Krasny wrote: > > Do you imply that applications with ability to use Kerberos > > ciphersuites are impossible to be implemented for current versions > > of FreeBSD? > > The base system OpenSSL has no support for implementing the Kerberos > ciphersuites (the OpenSSL code is extremely MIT Kerberos specific). > > The ports system OpenSSL appears to have no support, either. Finally someone gave a good explanation to my question. This explanation is quite enough to understand that FreeBSD is not vulnerable to mentioned OpenSSL flaw. Thank you! > If one compiles OpenSSL oneself, *and* has MIT Kerberos, *and* > enables the Kerberos options, *and* has all ciphersuites (or at least > the Kerberos ciphersuites) specified in your application's > configuration, then you might be affected. But that has nothing to > do with FreeBSD. > Thus, answering your question again: > > Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects > Kerberos ciphersuites" security problem? > > No, FreeBSD is not. Thank you again for solely correct answer. __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"