[6742] in Kerberos
Re: CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server
daemon@ATHENA.MIT.EDU (Lawrence R. Rogers)
Fri Feb 23 07:51:20 1996
To: jis@MIT.EDU (Jeffrey I. Schiller)
Cc: cert@cert.org, lhp@cert.org, tytso@MIT.EDU, kerberos@MIT.EDU
In-Reply-To: Your message of Fri, 23 Feb 1996 00:01:49 -0500
Date: Fri, 23 Feb 1996 07:37:10 -0500
From: "Lawrence R. Rogers" <lrr@cert.org>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> We have an update to the patch described in CA-96.03. The actual patch has
> not changed, but the README.PATCH file (part of random_patch.tar.*) which
> contains instructions on how to install the patch has been edited to include
> the following new paragraph.
>
> >IMPORTANT: After running fix_kdb_keys you must kill and restart the
> >kerberos server process (it has the old keys cached in memory). Also,
> >if you operate any Kerberos slave servers, you need to perform a slave
> >propagation immediately to update the keys on the slaves.
>
> Unfortunately this means that the MD5 values advertised in the alert are no
> longer correct. Updated files are now available on "athena-dist.mit.edu"
> including an updated random_patch.md5 file which contains the MD5 checksums
> of random_patch.tar.* and is PGP signed by me.
>
> -Jeff
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBMS1J8cUtR20Nv5BtAQHG6QQAk7vbQEHfYQVvQk/ooc+2ruCz/XJhvn4J
> Z4XXcurcjkq56/6Bng2f14cO93XeaWjV9j5LpMC7751vKHx3K+MVm86/Ag3QQ1oj
> rdSUHdzjEg73lGYEZ6ApFCeUMm7ZHrSonAoDOc5ijzvcTnVUua64VP1QlWkpglUm
> SrH4iuF1lPo=
> =F8Vg
> -----END PGP SIGNATURE-----
>
>
>
Ackamundo. We'll get the README updated and the new patches out on our FTP
archive soon.
Larry