The Samba-Bugzilla – Attachment 15108 Details for Bug 13685: [SECURITY] CVE-2018-16860 S4U2Self with unkeyed checksum
advisory with CVE (v3)
CVE-2018-16860-advisory-03.txt (text/plain), 5.03 KB, created by Andrew Bartlett on 2019-04-29 23:04:05 UTC

Description: advisory with CVE (v3)
Filename: CVE-2018-16860-advisory-03.txt
MIME Type: text/plain
Creator: Andrew Bartlett
Created: 2019-04-29 23:04:05 UTC
Size: 5.03 KB
Flags: patch, obsolete
===========================================================
== Subject:     Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
==
== CVE ID#:     CVE-2018-16860
==
== Versions:    All Samba versions since Samba 4.0
==              All releases of Heimdal from 0.8 including 7.5.0
==              and any products that ship a KDC derived from one of
==              those Heimdal releases.
==
== Summary:     The checksum validation in the S4U2Self handler in
==              the embedded Heimdal KDC did not first confirm that the
==              checksum was keyed, allowing replacement of the
==              requested target (client) principal.
===========================================================

===========
Description
===========

S4U2Self (aka protocol transition) is an extension to Kerberos used in
Active Directory to allow the creation of arbitrary Kerberos tickets,
written only to the local server. This is helpful in obtaining a full
list of the groups (SIDs) for a user given only a login name (see
MS-SFU, linked below).

S4U2Proxy (aka constrained delegation) is an extension of this mechanism
allowing this impersonation over the network, allowing a privileged
server to assert the identity of any user (who has presumably asserted
their own identity via a non-Kerberos protocol).

The flaw in Samba's AD DC is that the Heimdal KDC, when checking the
checksum that the server places on the S4U2Self packet to protect the
target principal against modification, does not confirm that the
checksum algorithm is keyed. This allows a MITM to modify the packet
and to generate instead a CRC32 checksum (which requires no prior
knowledge to compute).

This in turn would allow a ticket requested on behalf of user@EXAMPLE.COM to
be issued instead on behalf of (and contain the PAC of) administrator@EXAMPLE.COM.
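The following is an added model of the KDC-side check the description above is about; it is not code from the advisory, from Samba or from Heimdal. It assumes a simplified serialization of the PA-FOR-USER fields and a simplified HMAC-MD5 construction (the real one follows RFC 4757), and it contrasts a verifier that trusts the checksum type named in the packet with one that first confirms the type is keyed.

```python
import hashlib, hmac, struct, zlib
from dataclasses import dataclass
# Kerberos checksum type numbers (RFC 3961 / RFC 4757). Keyed-ness is a property
# of the algorithm, so it must be looked up here, never inferred from the packet.
CKSUMTYPE_CRC32 = 1
CKSUMTYPE_HMAC_MD5 = -138   # KERB_CHECKSUM_HMAC_MD5, the type PA-FOR-USER uses
KEYED_CKSUMTYPES = {CKSUMTYPE_HMAC_MD5}
KEY_USAGE = 17              # key usage number MS-SFU assigns to this checksum

@dataclass
class PaForUser:            # the PA-FOR-USER fields the checksum protects (model only)
    user_name: str
    user_realm: str
    auth_package: str
    cksumtype: int
    cksum: bytes

def cksum_input(pa):        # simplified stand-in for the MS-SFU field serialization
    return (pa.user_name + pa.user_realm + pa.auth_package).encode()

def compute_cksum(cksumtype, key, data):
    if cksumtype == CKSUMTYPE_HMAC_MD5:   # simplified keyed checksum (real one: RFC 4757)
        return hmac.new(key, struct.pack("<I", KEY_USAGE) + data, hashlib.md5).digest()
    if cksumtype == CKSUMTYPE_CRC32:      # unkeyed: anyone on the path can recompute it
        return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)
    raise ValueError(f"unsupported checksum type {cksumtype}")

def verify_vulnerable(pa, key):   # pre-fix: verify with whatever type the packet names
    return hmac.compare_digest(compute_cksum(pa.cksumtype, key, cksum_input(pa)), pa.cksum)

def verify_fixed(pa, key):        # post-fix: refuse unkeyed types before verifying at all
    return pa.cksumtype in KEYED_CKSUMTYPES and verify_vulnerable(pa, key)

def make_pa(name, realm, cksumtype, key):
    pa = PaForUser(name, realm, "Kerberos", cksumtype, b"")
    pa.cksum = compute_cksum(cksumtype, key, cksum_input(pa))
    return pa

def demo():
    key = b"constructed-tgt-session-key"   # constructed stand-in for the TGT session key
    genuine = make_pa("user", "EXAMPLE.COM", CKSUMTYPE_HMAC_MD5, key)
    # The advisory's scenario: target name replaced in transit, CRC32 recomputed with no key.
    altered = make_pa("administrator", "EXAMPLE.COM", CKSUMTYPE_CRC32, b"")
    return {
        "genuine_old": verify_vulnerable(genuine, key),   # True
        "genuine_new": verify_fixed(genuine, key),        # True
        "altered_old": verify_vulnerable(altered, key),   # True: the flaw
        "altered_new": verify_fixed(altered, key),        # False: rejected
    }
```

The point to take from `demo()` is that the vulnerable verifier "succeeds" on the altered packet because the CRC32 it recomputes matches the CRC32 the packet carries; only a check on the checksum type, made before any verification, closes that path.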
==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    http://www.samba.org/samba/security/

Additionally, Samba 4.8.12, 4.9.8 and 4.10.3 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (7.5)

=========================
Workaround and Mitigation
=========================

If no server takes privileged actions based on tickets obtained by
S4U2Self nor obtains tickets via S4U2Proxy, then this issue cannot
be exploited.

The path to an exploit is not generic: the KDC is not harmed by the
malicious checksum; it is the client service requesting the ticket
that is misled, because it trusted the KDC to return the correct ticket
and PAC.

It is out of scope for Samba to describe all of the possible tool
chains that might be vulnerable.

S4U2Self might be used by a web service authenticating an end user via
OAuth, Shibboleth, or other protocols to obtain a Kerberos service
ticket for use by any Kerberos service principal the web service has a
keytab for. One example is acquiring an AFS token by requesting an
afs/cell@REALM service ticket for a client via S4U2Self. With this
exploit, an organization that deploys a KDC built from Heimdal (be it
Heimdal directly or vendor versions such as found in Samba) is
vulnerable to privilege escalation attacks.

Likewise, a server might authenticate users using X509
certificates and then use S4U2Self to obtain a ticket on behalf of
the user, in order to authorize access to local resources or to be used
via the S4U2Proxy extension in order to provide access to network
resources.

In such a scenario, and under conditions allowing active network
protocol manipulation, a malicious user could authenticate using a
certificate of an unprivileged user, and then elevate their privileges
by intercepting the packet from the server to the KDC and changing the
requested principal name.

The only Samba clients that use S4U2Self are:
 - the "net ads kerberos pac dump" (debugging) tool.
 - the CIFS proxy in the deprecated/developer-only NTVFS file server.

In particular, winbindd does not use S4U2Self.

Finally, MIT Kerberos, and therefore the experimental MIT KDC backend
for Samba AD, is understood not to be impacted.

===============
Further Reading
===============

There is more detail on and a description of the protocols in

[MS-SFU]: Kerberos Protocol Extensions: Service for User and Constrained Delegation Protocol
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/

=======
Credits
=======

Originally reported by Isaac Boukris and Andrew Bartlett of the Samba
Team and Catalyst.

Patches provided by Isaac Boukris.

Advisory written by Andrew Bartlett of the Samba Team and Catalyst,
with contributions from Isaac Boukris and Jeffrey Altman.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================