CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

Post by Lawrence R. Roge » Sat, 24 Feb 1996 04:00:00



> -----BEGIN PGP SIGNED MESSAGE-----

> We have an update to the patch described in CA-96.03. The actual patch has
> not changed, but the REAME.PATCH file (part of random_patch.tar.*) which
> contains instruction on how to install the patch has been edited to include
> the following new paragraph.

> >IMPORTANT: After running fix_kdb_keys you must kill and restart the
> >kerberos server process (it has the old keys cached in memory). Also,
> >if you operate any Kerberos slave servers, you need to perform a slave
> >propagation immediately to update the keys on the slaves.

> Unfortunately this means that the MD5 values advertised in the alert are no
> longer correct. Updated files are now available on "athena-dist.mit.edu"
> including an updated random_patch.md5 file which contains the MD5 checksums
> of random_patch.tar.* and is PGP signed by me.

>                                 -Jeff

> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2

> iQCVAwUBMS1J8cUtR20Nv5BtAQHG6QQAk7vbQEHfYQVvQk/ooc+2ruCz/XJhvn4J
> Z4XXcurcjkq56/6Bng2f14cO93XeaWjV9j5LpMC7751vKHx3K+MVm86/Ag3QQ1oj
> rdSUHdzjEg73lGYEZ6ApFCeUMm7ZHrSonAoDOc5ijzvcTnVUua64VP1QlWkpglUm
> SrH4iuF1lPo=
> =F8Vg
> -----END PGP SIGNATURE-----

Ackamundo.  We'll get the README updated and the new patches out on our FTP
archive soon.

Larry

 
 
 

CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

Post by Jeffrey I. Schill » Sat, 24 Feb 1996 04:00:00


-----BEGIN PGP SIGNED MESSAGE-----

We have an update to the patch described in CA-96.03. The actual patch has
not changed, but the REAME.PATCH file (part of random_patch.tar.*) which
contains instruction on how to install the patch has been edited to include
the following new paragraph.

>IMPORTANT: After running fix_kdb_keys you must kill and restart the
>kerberos server process (it has the old keys cached in memory). Also,
>if you operate any Kerberos slave servers, you need to perform a slave
>propagation immediately to update the keys on the slaves.

Unfortunately this means that the MD5 values advertised in the alert are no
longer correct. Updated files are now available on "athena-dist.mit.edu"
including an updated random_patch.md5 file which contains the MD5 checksums
of random_patch.tar.* and is PGP signed by me.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMS1J8cUtR20Nv5BtAQHG6QQAk7vbQEHfYQVvQk/ooc+2ruCz/XJhvn4J
Z4XXcurcjkq56/6Bng2f14cO93XeaWjV9j5LpMC7751vKHx3K+MVm86/Ag3QQ1oj
rdSUHdzjEg73lGYEZ6ApFCeUMm7ZHrSonAoDOc5ijzvcTnVUua64VP1QlWkpglUm
SrH4iuF1lPo=
=F8Vg
-----END PGP SIGNATURE-----