Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.9.3p2) with ESMTP id QAA09786; Tue, 7 Mar 2006 16:03:47 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.12.4/8.9.2) with ESMTP id k27L3k9T005227 for ; Tue, 7 Mar 2006 16:03:46 -0500 (EST) Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.1/8.12.4) with ESMTP id k27L3h4i028619 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Tue, 7 Mar 2006 16:03:44 -0500 (EST) Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9) id k27L3hXg028331; Tue, 7 Mar 2006 16:03:43 -0500 (EST) To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #3492] MIT Kerberose 1.3.5 vulnerability References: From: Tom Yu Date: Tue, 07 Mar 2006 16:03:43 -0500 In-Reply-To: (Leena Pachkawde's message of "Mon, 6 Mar 2006 12:53:13 -0500 (EST)") Message-Id: Lines: 15 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: 1.217 X-Spam-Level: * (1.217) X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 394 Hi, It is not necessary to resend your message multiple times. It would be helpful if you were more specific about which vulnerability you are asking about. I infer that you mean MITKRB5-SA-2004-004 / CERT VU#948033 / CVE CAN-2004-1189 though I'm not certain. We do not generally make exploit code available, and we are not aware of published exploit code for this vulnerability. ---Tom