Bug 15219 - Heimdal session key selection in AS-REQ examines wrong entry
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.15.10
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Blocks: CVE-2022-37966
Reported: 2022-11-01 02:07 UTC by Andrew Bartlett
Modified: 2022-12-16 12:01 UTC
Description Andrew Bartlett 2022-11-01 02:07:01 UTC
Heimdal tries to find the intersection of the client-specified encryption types in the AS-REQ vs the target server (typically the krbtgt account)'s supported encryption types to create a session key.

However, Heimdal historically has examined only the AS-REQ specified encryption types vs the keys stored by the user on the account (which really should only matter for a password-based AS-REQ like ENC-TIMESTAMP).
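
Added illustration (not code from Heimdal, Samba or this report): a C sketch of the two intersections the description contrasts, showing how they can yield different session key enctypes for the same AS-REQ. The helper name, the sample enctype lists and the client-order preference are assumptions of the sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Kerberos enctype numbers from the IANA registry. */
enum { AES128_SHA1 = 17, AES256_SHA1 = 18, RC4_HMAC = 23 };

/* Hypothetical helper: first enctype in the client's AS-REQ list that also
 * appears in `candidates`; -1 when the two lists do not intersect.
 * Following the client's preference order is an assumption of this sketch. */
static int pick_session_etype(const int *req, size_t nreq,
                              const int *candidates, size_t ncand)
{
    for (size_t i = 0; i < nreq; i++)
        for (size_t j = 0; j < ncand; j++)
            if (req[i] == candidates[j])
                return req[i];
    return -1;
}

/* Constructed sample data, not taken from the bug report. */
static const int as_req_etypes[] = { AES256_SHA1, AES128_SHA1, RC4_HMAC };
static const int client_keys[]   = { RC4_HMAC };                 /* keys stored on the user account */
static const int krbtgt_etypes[] = { AES256_SHA1, AES128_SHA1 }; /* target server's supported enctypes */

#define N(a) (sizeof(a) / sizeof((a)[0]))

/* Historical behaviour per the description: intersect with the user's stored keys. */
int historic_choice(void)
{
    return pick_session_etype(as_req_etypes, N(as_req_etypes),
                              client_keys, N(client_keys));
}

/* Intended behaviour: intersect with the target server's supported enctypes. */
int intended_choice(void)
{
    return pick_session_etype(as_req_etypes, N(as_req_etypes),
                              krbtgt_etypes, N(krbtgt_etypes));
}

int main(void)
{
    printf("historic (user's stored keys):  %d\n", historic_choice());
    printf("intended (target's enctypes):   %d\n", intended_choice());
    return 0;
}
```

With an empty stored-key list the historical comparison finds no intersection at all, even though the target server supports the requested enctypes.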
Comment 1 Samba QA Contact 2022-12-13 14:07:13 UTC
This bug was referenced in samba master:

975e43fc45531fdea14b93a3b1529b3218a177e6
4bb50c868c8ed14372cb7d27e53cdaba265fc33d
f1c5fa28c460f7e011049606b1b9ef96443e5e1f
Comment 2 Samba QA Contact 2022-12-14 10:31:55 UTC
This bug was referenced in samba v4-15-test:

1e32bfc0fdd5394268eb86f60de521722f783a50
a7e2f5d32e59758ca714e292e3aa0e51821a9d43
0d7dc04404dee3f1ddce219f3ed1db736716eef7
Comment 3 Samba QA Contact 2022-12-14 11:34:29 UTC
This bug was referenced in samba v4-16-test:

a836bcf22ce87cf93e7d3cbf975d1baaa8f32c3b
c13c60ffbf7f86011594268cc48a1f9f1991f664
b40b03d0601394cc3a8e7923229aa8d53b2d815f
Comment 4 Samba QA Contact 2022-12-14 12:41:21 UTC
This bug was referenced in samba v4-17-test:

71e538e7e03b0624a8f094c506cde7a3e604bf3e
82f3c2876a80fa58425db3ee0ab15900680fe0ba
d7efa582a41082d87c844461342e1f9e3ca932a3
Comment 5 Samba QA Contact 2022-12-15 16:33:00 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.8):

a836bcf22ce87cf93e7d3cbf975d1baaa8f32c3b
c13c60ffbf7f86011594268cc48a1f9f1991f664
b40b03d0601394cc3a8e7923229aa8d53b2d815f
Comment 6 Samba QA Contact 2022-12-15 16:34:18 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.4):

71e538e7e03b0624a8f094c506cde7a3e604bf3e
82f3c2876a80fa58425db3ee0ab15900680fe0ba
d7efa582a41082d87c844461342e1f9e3ca932a3
Comment 7 Samba QA Contact 2022-12-15 16:35:48 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.13):

1e32bfc0fdd5394268eb86f60de521722f783a50
a7e2f5d32e59758ca714e292e3aa0e51821a9d43
0d7dc04404dee3f1ddce219f3ed1db736716eef7