FreeBSD Information for VU#602625
KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely
- Vendor Information Help Date Notified: 11 Dec 2000
- Statement Date:
- Date Updated: 14 Dec 2000
FreeBSD includes the externally maintained KTH Kerberos software as an optional component of the FreeBSD base system. Therefore, systems which have installed the Kerberos 4 components are vulnerable to these problems as described in the CERT advisory. Patches have been committed to the FreeBSD source tree and an advisory will be released shortly detailing the precise impact on vulnerable FreeBSD systems.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.