[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)
Stefan Metzmacher
metze at samba.org
Fri Sep 22 07:10:01 UTC 2017
Am 21.09.2017 um 09:29 schrieb Andrew Bartlett via samba-technical:
> G'Day,
>
> This patch I wrote at the time of dealing with CVE-2017-11103, the
> Orpheus' Lyre KDC-REP service name validation (mutual auth
> bypass) issue. I didn't make it public at the time, but it feels safe
> now.
>
> I want to ensure we don't regress on this again in the future,
> particularly as Gary and I are working to drag our Heimdal branch out
> of the dark ages. (I know this seems like an odd thing to do at this
> point, but I would rather do this now than in a rush later).
I just noticed
http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/import-lorikeet-heimdal-201709200427-2
I also tried this a few weeks ago, maybe you can find some useful
patches here:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-heimdal2
and here:
https://git.samba.org/?p=metze/heimdal/wip.git;a=summary
Here're also some branches with open pull requests for
the main heimdal tree:
https://github.com/metze-samba/heimdal/branches
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170922/dfb239d7/signature.sig>
More information about the samba-technical
mailing list