[cifs-protocol] [EXTERNAL] Looking for missing documentation (MS-KILE?) for CVE-2024-21427 - TrackingID#2404090040000707

Obaid Farooqi obaidf at microsoft.com
Wed Apr 24 20:44:25 UTC 2024


Hi Andrew:
For the questions posed below by you, we have finished our investigation.

CVE-2024-21427: There are no on-the-wire changes; 21427 made sure we enforced auth silo checks on AS-REQs when they weren't to KRBTGT. We already enforced them on TGS.

CVE-2024-20674: There are no on-the-wire changes; 20674 was a logic failure in our parsing of an error code.

PAC signature changes: Paul provided you with the file with structures and details in a meeting.

Please let me know if this does not answer your questions.



Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

From: Jeff McCashland (He/him) <jeffm at microsoft.com>
Sent: Monday, April 8, 2024 9:25 PM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] Looking for missing documentation (MS-KILE?) for CVE-2024-21427 - TrackingID#2404090040000707

[DocHelp to BCC, support on CC, SR ID on Subject]

Hi Andrew,

Thank you for your questions. I will respond to this email 3 times to create a separate thread (and SR ID) for each of these questions.

We have created SR 2404090040000707 to track the question about CVE-2024-21427. One of our engineers will respond.


Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)

Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300



________________________________
From: Andrew Bartlett <abartlet at samba.org>
Sent: Monday, April 8, 2024 4:26 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] Looking for missing documentation (MS-KILE?) for CVE-2024-21427, CVE-2024-20674 and PAC signature changes

Kia Ora Dochelp,

Recently we have seen CVE-2024-21427 and CVE-2024-20674 issued.

The first CVE-2024-21427, we know what the details are from our report, but we don't have details of the protocol change from the MS side, so would like the full details in case there were protocol changes we didn't anticipate.

We don't have any details of the protocol changes for CVE-2024-20674, and as it is marked Critical we would like to ensure we don't have a similar issue or can follow any protocol changes made for interoperability.

Finally, we have noticed in November (or earlier) that the Server signature in the Kerberos PAC is no longer RC4_HMAC, even with RC4 tickets.  This makes a lot of sense, but I don't see any documentation and I would like to update our implementation to match.

We would greatly appreciate any information that is available on these recent Kerberos protocol changes.

Thanks,

Andrew Bartlett

--
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

