Status of VU#258721

Sam Hartman hartmans at MIT.EDU
Tue Mar 11 11:02:18 EST 2003


>>>>> "Patrick" == Patrick C F Ernzer <pernzer at redhat.com> writes:

    Patrick> Hello, http://www.kb.cert.org/vuls/id/258721 states that
    Patrick> krb5 is vulnerable up to and including krb5-1.2.7

    Patrick> Did I miss the announcement on krb5-bugs or has there
    Patrick> really been no update on your part to this so far?

We do not consider this vulnerability a particularly high priority
vulnerability.  We hope to get a fix in for 1.3.

The ftp client is not something we care much about; we have discussed
dropping it from the release on krbdev.  We care much more about
server side vulnerabilities than client side vulnerabilities.  We care
much more about new vulnerabilities than vulnerabilities many people
have known about for a long time and lived with as an acceptable risk.
The net result is that this issue is fairly far down on our priorities
list.

--Sam


