MITKRB5-SA-2004-002: double-free vulnerabilities
Mike Friedman
mikef at ack.Berkeley.EDU
Wed Sep 1 13:06:49 EDT 2004
On Wed, 1 Sep 2004 at 13:44 (-0300), Andreas wrote:
> On Wed, Sep 01, 2004 at 08:19:33AM -0700, Mike Friedman wrote:
>>> 2004-002-patch_1.2.7.txt
>>> ========================
>>>
>>> http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt
>>>
>>> The associated detached PGP signature is at:
>>>
>>> http://web.mit.edu/kerberos/advisories/2004-002-patch_1.2.7.txt.asc
>>
>> I find that the PGP signature doesn't verify. Is anyone else having
>> this problem?
>
> Just downloaded both with wget and the signature checks out OK for me.
Hmm. I just installed wget and then downloaded the 1.3.4 version of the
patch (which I've decided to use instead of 1.2.7). The signature still
doesn't verify! In fact, the file I downloaded with wget is identical to
the one I downloaded using 'lynx -source'.
I have no trouble verifying the asn1 (MITKRB5-SA-2004-003) patch with PGP.
Why can't I get -002 to verify?
Any other ideas? I'm doing this on Solaris 8, using PGP 6.5.8.
Thanks.
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
More information about the Kerberos
mailing list