CERT Vendor-Initiated Bulletin VB-95:04 (Wietse Venema)

CERT Vendor-Initiated Bulletin VB-95:04
June 14, 1995

Topic: Logdaemon/FreeBSD vulnerability in S/Key
Source: Wietse Venema (wietse@wzv.win.tue.nl)

To aid in the wide distribution of essential security information, the
CERT Coordination Center is forwarding the following information from
Wietse Venema, who urges you to act on this information as soon as possible.
Please contact Wietse Venema if you have any questions or need further

========================FORWARDED TEXT STARTS HERE============================

A vulnerability exists in my own S/Key software enhancements. Since
these enhancements are in wide-spread use, a public announcement is
appropriate. The vulnerability affects the following products:

        FreeBSD version
        FreeBSD version 2.0
        logdaemon versions before 4.9

I recommend that users of this software follow the instructions given
below in section III.