Apple Computer, Inc. Not Affected

Notified:  October 17, 2005 Updated: November 09, 2005

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server are not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Heimdal Kerberos Project Not Affected

Notified:  October 17, 2005 Updated: November 09, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Released Heimdal code is not affected by this protocol flaw, although some unreleased code may be vulnerable if some modes of operation are used to talk to a Microsoft DC using PKINIT. All released Heimdal code uses a non-vulnerable protocol implementation.

KTH Kerberos Team Not Affected

Notified:  October 17, 2005 Updated: November 09, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

KTH-KRB is not affected as it is a Kerberos 4 implementation.

Microsoft Corporation Affected

Updated:  August 09, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Microsoft Security Bulletin MS05-042 for information on fixes, updates, and workarounds.

MIT Kerberos Development Team Not Affected

Notified:  October 17, 2005 Updated: November 09, 2005

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The MIT Kerberos team has indicated that PKINIT does not ship with MIT Kerberos and that as such the software is not vulnerable.