Bug 12998 (CVE-2017-6594) - [SECURITY] HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
Summary: [SECURITY] HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
Alias: CVE-2017-6594
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.7.0rc5
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
Depends on: 14881
  Show dependency treegraph
Reported: 2017-08-29 15:53 UTC by Stefan Metzmacher
Modified: 2021-11-03 11:53 UTC (History)
4 users (show)

See Also:

Possible patch for master (2.65 KB, patch)
2017-08-29 21:20 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-08-29 15:53:28 UTC
It think it's not critical to have a backport of

See https://lists.samba.org/archive/samba-technical/2017-August/122422.html
for the related discussion.

But if we do a security release we can just include this.
Comment 1 Stefan Metzmacher 2017-08-29 21:20:47 UTC
Created attachment 13514 [details]
Possible patch for master
Comment 2 Stefan Metzmacher 2017-08-30 05:55:50 UTC
As it's not important we defer this to after 4.7.0
Comment 3 Andrew Bartlett 2018-06-18 19:04:05 UTC
My view:

We should revoke the security property of this bug.

Until we have the SID filtering, our inter-forest trusts are only for forests we totally trust, so this is not a security issue. 

It should be fixed before SID filtering is announced as a feature.
Comment 4 Andrew Bartlett 2021-10-19 17:11:06 UTC
G'Day Metze,

Any chance you can look into pushing this into master.  It is already disclosed in Heimdal and we should try to catch up.  

I'm still of the view that all our forests are 100% trusted, if that helps.
Comment 5 Samba QA Contact 2021-10-20 10:59:04 UTC
This bug was referenced in samba master:

Comment 6 Samba QA Contact 2021-10-25 13:06:05 UTC
This bug was referenced in samba v4-15-test:

Comment 7 Samba QA Contact 2021-10-26 13:04:05 UTC
This bug was referenced in samba v4-14-test:

Comment 8 Samba QA Contact 2021-10-27 13:22:05 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.9):

Comment 9 Samba QA Contact 2021-10-27 13:26:48 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.1):

Comment 10 Samba QA Contact 2021-10-27 23:30:07 UTC
This bug was referenced in samba v4-13-test:

Comment 11 Samba QA Contact 2021-10-29 06:55:20 UTC
This bug was referenced in samba v4-13-stable (Release samba-4.13.13):