The Samba-Bugzilla – Attachment 12737 Details for
Bug 12445
[SECURITY] CVE-2016-2125: don't send delegated credentials to all servers
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2016-2125-v3.6.asn01.patch
CVE-2016-2125-v3.6.asn01.patch (text/plain), 1.04 KB, created by
Andreas Schneider
on 2016-12-07 10:01:13 UTC
(
hide
)
Description:
CVE-2016-2125-v3.6.asn01.patch
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2016-12-07 10:01:13 UTC
Size:
1.04 KB
patch
obsolete
>From 381c6b59b6f364d3a3099d0de1c4d9158163d4e4 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 7 Dec 2016 10:58:35 +0100 >Subject: [PATCH] CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG > >We should only use GSS_C_DELEG_POLICY_FLAG in order to let >the KDC decide if we should send delegated credentials to >a remote server. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Backported-by: Andreas Schneider <asn@samba.org> >--- > source3/librpc/crypto/gse.c | 1 - > 1 file changed, 1 deletion(-) > >diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c >index 02fb0f6141d..211ca7774be 100644 >--- a/source3/librpc/crypto/gse.c >+++ b/source3/librpc/crypto/gse.c >@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx, > memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc)); > > gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG | >- GSS_C_DELEG_FLAG | > GSS_C_DELEG_POLICY_FLAG | > GSS_C_REPLAY_FLAG | > GSS_C_SEQUENCE_FLAG; >-- >2.11.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12445
:
12707
|
12708
|
12709
|
12710
|
12711
|
12730
|
12732
|
12733
|
12735
|
12736
|
12737
|
12739
|
12766
|
12772