CVE-2014-6324 issued against Microsoft's handling of KDC PACs.

Dewayne Geraghty dewayne.geraghty at
Thu Nov 20 00:29:15 MST 2014

Does Samba4 handle PAC validation in the same way that Windows 2008/2003
servers do, and if so, is samba4/Lorikeet also vulnerable to elevation of
privileges due to the handling of PAC validation of service tickets?

Using this as my starting point,;a=commitdiff;h=685293c35caa3d4fbcfdc4e4df2191bf9680bf87;hp=d7f44d72d7dd8ecbcb334ea011d90d30a0d822af 

I started to look at the code, but if I saw an elephant in the room, I
wouldn't recognise it.


Regards, Dewayne

More information about the samba-technical mailing list