CVE-2014-6324 issued against Microsoft's handling of KDC PAC's.
Jeremy Allison
jra at samba.org
Thu Nov 20 09:50:44 MST 2014
On Thu, Nov 20, 2014 at 06:29:15PM +1100, Dewayne Geraghty wrote:
> Does Samba4 handle PAC validation in the same way that Windows 2008/2003
> servers, and if so, is samba4/Lorikeet also vulnerable to elevation of
> privileges due to the handling of PAC validation of service tickets?
>
> Using this as my starting point,
> https://git.samba.org/?p=abartlet/lorikeet-heimdal.git/.git;a=commitdiff;h=685293c35caa3d4fbcfdc4e4df2191bf9680bf87;hp=d7f44d72d7dd8ecbcb334ea011d90d30a0d822af
>
> I started to look at the code, but if I saw an elephant in the room, I
> wouldn't recognise it.
>
> Refs:
> https://technet.microsoft.com/library/security/MS14-068
> http://www.kb.cert.org/vuls/id/213119
Microsoft hasn't notified us of a problem (which I
would expect them to do as a courtesy if our code had
the same problem (we do this for them), so my guess
is we're not vulnerable.
Until we know the exact details of the exploit however,
we're still stumbling around in the dark until we know
exactly what to look for.
Jeremy.
More information about the samba-technical
mailing list