[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)
abartlet at samba.org
Sat Oct 14 19:02:41 UTC 2017
On Thu, 2017-09-21 at 19:29 +1200, Andrew Bartlett via samba-technical
> This patch I wrote at the time of dealing with CVE-2017-11103, the
> Orpheus' Lyre KDC-REP service name validation (mutual auth
> bypass) issue. I didn't make it public at the time, but it feels safe
> I want to ensure we don't regress on this again in the future,
> particularly as Gary and I are working to drag our Heimdal branch out
> of the dark ages. (I know this seems like an odd thing to do at this
> point, but I would rather do this now than in a rush later).
> Please review/push!
I know the framework (modifying and checking packets in the send/recv
hook) on which this is based is really complex code (quite horrible,
really), but can I please get a team review on this patch. I really
want to ensure we don't regress here.
Upstream Heimdal has no framework like Samba's krb5.kdc test, so we do
need to check this in smbtorture.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba