12998 – (CVE-2017-6594) [SECURITY] HEIMDAL:kdc: Fix transit path validation CVE-2017-6594

Bug 12998 (CVE-2017-6594) - [SECURITY] HEIMDAL:kdc: Fix transit path validation CVE-2017-6594

Summary: [SECURITY] HEIMDAL:kdc: Fix transit path validation CVE-2017-6594

Status:	RESOLVED FIXED

Alias:	CVE-2017-6594

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.7.0rc5
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:	14881
Blocks:
	Show dependency tree / graph

Reported:	2017-08-29 15:53 UTC by Stefan Metzmacher
Modified:	2021-11-03 11:53 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Possible patch for master (2.65 KB, patch) 2017-08-29 21:20 UTC, Stefan Metzmacher	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2017-08-29 15:53:28 UTC

It think it's not critical to have a backport of
https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837

See https://lists.samba.org/archive/samba-technical/2017-August/122422.html
for the related discussion.

But if we do a security release we can just include this.

Comment 1 Stefan Metzmacher 2017-08-29 21:20:47 UTC

Created attachment 13514 [details]
Possible patch for master

Comment 2 Stefan Metzmacher 2017-08-30 05:55:50 UTC

As it's not important we defer this to after 4.7.0

Comment 3 Andrew Bartlett 2018-06-18 19:04:05 UTC

My view:

We should revoke the security property of this bug.

Until we have the SID filtering, our inter-forest trusts are only for forests we totally trust, so this is not a security issue. 

It should be fixed before SID filtering is announced as a feature.

Comment 4 Andrew Bartlett 2021-10-19 17:11:06 UTC

G'Day Metze,

Any chance you can look into pushing this into master.  It is already disclosed in Heimdal and we should try to catch up.  

I'm still of the view that all our forests are 100% trusted, if that helps.

Comment 5 Samba QA Contact 2021-10-20 10:59:04 UTC

This bug was referenced in samba master:

7e961f3f7a815960ae25377d5b7515184d439690

Comment 6 Samba QA Contact 2021-10-25 13:06:05 UTC

This bug was referenced in samba v4-15-test:

dc768d84f0210ab9d7bbdc84dae24d23a31dedfe

Comment 7 Samba QA Contact 2021-10-26 13:04:05 UTC

This bug was referenced in samba v4-14-test:

45cd642a45669619b23ecec7f0735dfe9804bb99

Comment 8 Samba QA Contact 2021-10-27 13:22:05 UTC

This bug was referenced in samba v4-14-stable (Release samba-4.14.9):

45cd642a45669619b23ecec7f0735dfe9804bb99

Comment 9 Samba QA Contact 2021-10-27 13:26:48 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.1):

dc768d84f0210ab9d7bbdc84dae24d23a31dedfe

Comment 10 Samba QA Contact 2021-10-27 23:30:07 UTC

This bug was referenced in samba v4-13-test:

f7d6826afeafaae83a0164e8713c672e297eab6a

Comment 11 Samba QA Contact 2021-10-29 06:55:20 UTC

This bug was referenced in samba v4-13-stable (Release samba-4.13.13):

f7d6826afeafaae83a0164e8713c672e297eab6a