Subject: remote root vulnerability in gssftp vs. NetBSD
To: None <email@example.com, firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 06/15/2000 08:59:56

Yesterday, Tom Yu of MIT posted an advisory to bugtraq reporting a
vulnerability in the MIT-distributed GSSAPI-secured FTP daemon
included in MIT's Kerberos 5 distribution.

Based on examination of the NetBSD sources and the text of the
advisory, no version of NetBSD appears to be vulnerable.

The broken version appeared in krb5 version 1.1; according to the
advisory, 1.0.x distributions do not have the bug.

1.4.x does not include Kerberos 5; -current with crypto-us includes a
port of MIT's krb5-1.0.6 with some patches.