[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)
Andrew Bartlett
abartlet at samba.org
Thu Sep 21 07:29:13 UTC 2017
G'Day,
This patch I wrote at the time of dealing with CVE-2017-11103, the
Orpheus' Lyre KDC-REP service name validation (mutual auth
bypass) issue. I didn't make it public at the time, but it feels safe
now.
I want to ensure we don't regress on this again in the future,
particularly as Gary and I are working to drag our Heimdal branch out
of the dark ages. (I know this seems like an odd thing to do at this
point, but I would rather do this now than in a rush later).
Please review/push!
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-smbtorture-Add-test-krb5.kdc-to-prove-fix-for-CVE.patch
Type: text/x-patch
Size: 10313 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170921/fda42bff/0001-s4-smbtorture-Add-test-krb5.kdc-to-prove-fix-for-CVE-0001.bin>
More information about the samba-technical
mailing list