The Samba-Bugzilla – Attachment 13359 Details for
Bug 12894
[SECURITY] [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass) in embedded Heimdal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch taken from the heimdal repository for 4.7, 4.6, 4.5 and master
cve-patch (text/plain), 1.40 KB, created by
Bob Campbell
on 2017-07-12 02:06:01 UTC
(
hide
)
Description:
Patch taken from the heimdal repository for 4.7, 4.6, 4.5 and master
Filename:
MIME Type:
Creator:
Bob Campbell
Created:
2017-07-12 02:06:01 UTC
Size:
1.40 KB
patch
obsolete
>From e96252cdb903acaace3ea1749bd69cefb218cb01 Mon Sep 17 00:00:00 2001 >From: Jeffrey Altman <jaltman@secure-endpoints.com> >Date: Wed, 12 Apr 2017 15:40:42 -0400 >Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation > >In _krb5_extract_ticket() the KDC-REP service name must be obtained from >encrypted version stored in 'enc_part' instead of the unencrypted version >stored in 'ticket'. Use of the unecrypted version provides an >opportunity for successful server impersonation and other attacks. > >Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. > >Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894 >--- > source4/heimdal/lib/krb5/ticket.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c >index 09bff30..60815b7 100644 >--- a/source4/heimdal/lib/krb5/ticket.c >+++ b/source4/heimdal/lib/krb5/ticket.c >@@ -722,8 +722,8 @@ _krb5_extract_ticket(krb5_context context, > /* check server referral and save principal */ > ret = _krb5_principalname2krb5_principal (context, > &tmp_principal, >- rep->kdc_rep.ticket.sname, >- rep->kdc_rep.ticket.realm); >+ rep->enc_part.sname, >+ rep->enc_part.srealm); > if (ret) > goto out; > if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12894
: 13359 |
13361
|
13363
|
13364
|
13619
|
13622