[cifs-protocol] Looking for missing documentation (MS-KILE?) for CVE-2024-21427, CVE-2024-20674 and PAC signature changes
Andrew Bartlett
abartlet at samba.org
Mon Apr 8 23:26:30 UTC 2024
Kia Ora Dochelp,

Recently we have seen CVE-2024-21427 and CVE-2024-20674 issued.

The first CVE-2024-21427, we know what the details are from our report,
but we don't have details of the protocol change from the MS side, so
would like the full details in case there were protocol changes we
didn't anticipate.

We don't have any details of the protocol changes for CVE-2024-20674,
and as it is marked Critical we would like to ensure we don't have a
similar issue or can follow any protocol changes made for
interoperability.

Finally, we have noticed in November (or earlier) that the Server
signature in the Kerberos PAC is no longer RC4_HMAC, even with RC4
tickets. This makes a lot of sense, but I don't see any documentation
and I would like to update our implementation to match.

We would greatly appreciate any information that is available on these
recent Kerberos protocol changes.

Thanks,

Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
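
The message above notes that the PAC Server signature is no longer RC4_HMAC. The following is an added example, not part of the original message and not Samba code, showing one way to report which checksum type a raw PAC's signature buffers carry. The field layout and type values follow the published MS-PAC PACTYPE, PAC_INFO_BUFFER and PAC_SIGNATURE_DATA structures; the function names and the sample PAC are constructed for illustration.

```python
import struct

# SignatureType values and signature lengths from MS-PAC PAC_SIGNATURE_DATA.
SIG_TYPES = {
    -138: ("KERB_CHECKSUM_HMAC_MD5", 16),   # 0xFFFFFF76, the RC4-HMAC checksum
    15: ("HMAC_SHA1_96_AES128", 12),
    16: ("HMAC_SHA1_96_AES256", 12),
}
SERVER_CHECKSUM, KDC_CHECKSUM = 6, 7  # PAC_INFO_BUFFER ulType values

def pac_signature_types(pac: bytes) -> dict:
    """Return {ulType: checksum name} for the signature buffers in a raw PAC."""
    if len(pac) < 8:
        raise ValueError("PAC shorter than PACTYPE header")
    count, version = struct.unpack_from("<II", pac, 0)
    if version != 0 or 8 + 16 * count > len(pac):
        raise ValueError("bad PACTYPE header")
    found = {}
    for i in range(count):
        ul_type, size, offset = struct.unpack_from("<IIQ", pac, 8 + 16 * i)
        if ul_type not in (SERVER_CHECKSUM, KDC_CHECKSUM):
            continue
        if size < 4 or offset + size > len(pac):
            raise ValueError("signature buffer out of bounds")
        (sig_type,) = struct.unpack_from("<i", pac, offset)
        name, sig_len = SIG_TYPES.get(sig_type, (f"unknown({sig_type})", 0))
        if size < 4 + sig_len:
            raise ValueError("signature shorter than its type requires")
        found[ul_type] = name
    return found

def server_signature_is_rc4(pac: bytes) -> bool:
    return pac_signature_types(pac).get(SERVER_CHECKSUM) == "KERB_CHECKSUM_HMAC_MD5"

def build_sample_pac(server_type: int, kdc_type: int) -> bytes:
    """Constructed test PAC: only the two signature buffers, zeroed signatures."""
    header = struct.pack("<II", 2, 0)
    offset, body = 8 + 16 * 2, b""
    for ul_type, sig_type in ((SERVER_CHECKSUM, server_type), (KDC_CHECKSUM, kdc_type)):
        data = struct.pack("<i", sig_type) + bytes(SIG_TYPES[sig_type][1])
        header += struct.pack("<IIQ", ul_type, len(data), offset)
        data += bytes(-len(data) % 8)  # buffers are 8-byte aligned
        body += data
        offset += len(data)
    return header + body
```
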