[cifs-protocol] Looking for missing documentation (MS-KILE?) for CVE-2024-21427, CVE-2024-20674 and PAC signature changes

[Andrew Bartlett]

Kia Ora Dochelp,

Recently we have seen CVE-2024-21427 and CVE-2024-20674 issued.

The first CVE-2024-21427, we know what the details are from our report,
but we don't have details of the protocol change from the MS side, so
would like the full details in case there were protocol changes we
didn't anticipate. 

We don't have any details of the protocol changes for CVE-2024-20674,
and as it is marked Critical we would like to ensure we don't have a
similar issue or can follow any protocol changes made for
interoperability. 


Finally, we have noticed in November (or earlier) that the Server
signature in the Kerberos PAC is no longer RC4_HMAC, even with RC4
tickets.  This makes a lot of sense, but I don't see any documentation
and I would like to update our implementation to match.


We would greatly appreciate any information that is available on these
recent Kerberos protocol changes. 


Thanks,

Andrew Bartlett
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd


Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20240409/206df2be/attachment.htm>