[6739] in Kerberos


Re: CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Fri Feb 23 00:14:39 1996

Date: Fri, 23 Feb 1996 00:01:49 -0500
To: cert@cert.org, lrr@cert.org, lhp@cert.org
From: jis@MIT.EDU (Jeffrey I. Schiller)
Cc: tytso@MIT.EDU, kerberos@MIT.EDU

-----BEGIN PGP SIGNED MESSAGE-----

We have an update to the patch described in CA-96.03. The actual patch has
not changed, but the README.PATCH file (part of random_patch.tar.*) which
contains instructions on how to install the patch has been edited to include
the following new paragraph.

>IMPORTANT: After running fix_kdb_keys you must kill and restart the
>kerberos server process (it has the old keys cached in memory). Also,
>if you operate any Kerberos slave servers, you need to perform a slave
>propagation immediately to update the keys on the slaves.

Unfortunately this means that the MD5 values advertised in the alert are no
longer correct. Updated files are now available on "athena-dist.mit.edu"
including an updated random_patch.md5 file which contains the MD5 checksums
of random_patch.tar.* and is PGP signed by me.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMS1J8cUtR20Nv5BtAQHG6QQAk7vbQEHfYQVvQk/ooc+2ruCz/XJhvn4J
Z4XXcurcjkq56/6Bng2f14cO93XeaWjV9j5LpMC7751vKHx3K+MVm86/Ag3QQ1oj
rdSUHdzjEg73lGYEZ6ApFCeUMm7ZHrSonAoDOc5ijzvcTnVUua64VP1QlWkpglUm
SrH4iuF1lPo=
=F8Vg
-----END PGP SIGNATURE-----


