[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)

Andrew Bartlett abartlet at samba.org
Thu Sep 21 07:29:13 UTC 2017


G'Day,

This patch I wrote at the time of dealing with CVE-2017-11103, the
Orpheus' Lyre KDC-REP service name validation (mutual auth
bypass) issue.  I didn't make it public at the time, but it feels safe
now.

I want to ensure we don't regress on this again in the future,
particularly as Gary and I are working to drag our Heimdal branch out
of the dark ages.  (I know this seems like an odd thing to do at this
point, but I would rather do this now than in a rush later). 

Please review/push!

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-smbtorture-Add-test-krb5.kdc-to-prove-fix-for-CVE.patch
Type: text/x-patch
Size: 10313 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170921/fda42bff/0001-s4-smbtorture-Add-test-krb5.kdc-to-prove-fix-for-CVE-0001.bin>


More information about the samba-technical mailing list