From owner-doc-jp@jp.freebsd.org  Sun May 28 16:38:41 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA83894;
	Sun, 28 May 2000 16:38:41 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from smtp01.246.ne.jp (smtp01.246.ne.jp [210.253.192.35])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id QAA83889
	for <doc-jp@jp.freebsd.org>; Sun, 28 May 2000 16:38:41 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: (qmail 5130 invoked by alias); 28 May 2000 16:38:40 +0900
Message-ID: <20000528073840.5129.qmail@smtp.246.ne.jp>
Received: (qmail 5120 invoked from network); 28 May 2000 16:38:39 +0900
Received: from tp4hr071.246.ne.jp (HELO localhost) (210.253.193.71)
  by smtp.246.ne.jp with SMTP; 28 May 2000 16:38:39 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: <200005270414.NAA10586@iris.dti.ne.jp>
References: <20000526174039.514AE37BF77@hub.freebsd.org>
	<200005270414.NAA10586@iris.dti.ne.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Sun, 28 May 2000 16:38:36 +0900
From: Koga Youichirou <y-koga@jp.freebsd.org>
X-Dispatcher: imput version 20000228(IM140)
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7421
Subject: [doc-jp 7421] Re: ANNOUNCE: FreeBSD Security Advisory:
 FreeBSD-SA-00:20.krb5
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

dais@iris.dti.ne.jp (Daisuke Higashi):
> This is Higashi. So, here is FreeBSD-SA-00:20.krb5 as well.

Clap, clap, clap ☆

> =============================================================================
> FreeBSD-SA-00:20                                           Security Advisory
>                                                                 FreeBSD, Inc.

> $B%H%T%C%/(B:        krb5 port $B$K4^$^$l$k%j%b!<%H$*$h$S%m!<%+%k$K$*$1$k(B
>                  root $B8"8BC%<h$N4m81@-(B

This one too.

> I.   Background - Background
> 
> (KTH Heimdal, the Kerberos 5 implementation, is
> currently considered "experimental" software).
> (KTH Heimdal, an implementation of Kerberos 5, is
> currently thought to be "experimental" software.)

With "is thought to be" it comes across as a general view, but I think the
point here is that, although it is included in the base system, it is being
treated as experimental.

> II.  Details of the problem - Problem Description

> However, a very old release of FreeBSD dating from 1997 (FreeBSD
> 2.2.5) did ship with a closely MIT-derived Kerberos implementation
> ("eBones") and may be vulnerable to attacks of the kind described
> here.
> However, a very old FreeBSD release from 1997 onward
> (FreeBSD 2.2.5) shipped with an implementation close to the
> MIT-derived Kerberos, and is probably vulnerable to attacks of
> the same kind described here.
 |However, a very old FreeBSD release from 1997 onward
 |(FreeBSD 2.2.5) shipped with an implementation close to the
 |MIT-derived Kerberos, and a security weakness against attacks of
 |the same kind described here is thought to exist.

Both of them have lost ("eBones").

> Note however that FreeBSD 2.x is no longer an officially
> supported version, nor are security fixes always provided.
> However, please note that FreeBSD 2.x is a version that is no longer
> officially supported, and that security fixes are not provided either.
 |Note, however, that FreeBSD 2.x is a version that is already no longer officially supported.
 |Please note that security fixes are not provided either.

This is a partial negation, so it should be "are not necessarily provided"
rather than "are not provided".
----
Koga Youichirou
