OpenBSD Journal

y 3.2 Patch 001: kadmind

Contributed by jose on from the quick-erratta dept.

From Miod@ to the security-announce list:
OpenBSD 3.2, as shipped, is vulnerable to a kadmind remote exploit if the
machine is configured as a kdc (which is not the case in the default

A fix addressing this problem is available in the -STABLE branch, and as
a standalone patch file, at the following location:

For more information about errata and patch, please read the OpenBSD
errata page:

The patch is available via FTP and has been rolled into -stable already.

Thanks to Miod for coordinating this with us!

(Comments are closed)

  1. By Anonymous Coward () on

    I see security-accounce@ is being used now :) That's very good, since iirc the last 3.1 patches weren't announced on the list :(

  2. By Noob () on

    I am very happy to see such improvement in the announcement for this latest patch for 3.2

    I too was a bit disappointed in the way the last patch was handled.

    Inconsistency or lazyness in even the simple tasks makes me worry that the important ones were done without careful attention to detail as well.

    Good Job OpenBSD Team!
    You've made me happy anyways ;-)

  3. By Anonymous Coward () on

    Wouldn't the OpenBSD 3.2's "Non-executable stack" issue with all binaries mitigated if a successful exploit happened?


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]