CVE-2014-6324 issued against Microsoft's handling of KDC PACs.

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Thu Nov 20 00:29:15 MST 2014


Does Samba4 handle PAC validation in the same way that Windows 2008/2003
servers do, and if so, is samba4/Lorikeet also vulnerable to elevation of
privileges due to the handling of PAC validation of service tickets?

Using this as my starting point,
https://git.samba.org/?p=abartlet/lorikeet-heimdal.git/.git;a=commitdiff;h=685293c35caa3d4fbcfdc4e4df2191bf9680bf87;hp=d7f44d72d7dd8ecbcb334ea011d90d30a0d822af 

I started to look at the code, but if I saw an elephant in the room, I
wouldn't recognise it.

Refs:
https://technet.microsoft.com/library/security/MS14-068
http://www.kb.cert.org/vuls/id/213119

Regards, Dewayne

