patches available for the Kerberos v4 protocol bug

There is a cryptographic weaknesses in the Kerberos v4 protocol (this is not something that is fixable in Kerberos v4). Sites still using Kerberos v4 should migrate to Kerberos v5.

Kerberos v5 does not have this weakness, but since it contains v4 to v5 translation services it is still possible to exploit the v4 protocol defect.

For more information, please see:

    http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

The following patches cause Kerberos v4 requests from foreign realms to be ignored unless support for this is explicitly enabled.

Patch for OpenBSD 3.1:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/026_kerberos.patch

Patch for OpenBSD 3.2:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/013_kerberos.patch

The aforementioned patches have already been applied to the 3.1 and 3.2 -stable branches. Received on Mon Mar 24 14:31:40 2003