[PATCH] Regression test for [CVE-2017-11103] Orpheus' Lyre KDC-REP service name validation (mutual auth bypass)

Andrew Bartlett abartlet at samba.org
Fri Sep 22 07:31:07 UTC 2017

On Fri, 2017-09-22 at 09:10 +0200, Stefan Metzmacher wrote:
> On 21.09.2017 at 09:29, Andrew Bartlett via samba-technical wrote:
> > G'Day,
> > 
> > This patch I wrote at the time of dealing with CVE-2017-11103, the
> > Orpheus' Lyre KDC-REP service name validation (mutual auth
> > bypass) issue.  I didn't make it public at the time, but it feels safe
> > now.
> > 
> > I want to ensure we don't regress on this again in the future,
> > particularly as Gary and I are working to drag our Heimdal branch out
> > of the dark ages.  (I know this seems like an odd thing to do at this
> > point, but I would rather do this now than in a rush later). 
> I just noticed
> http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/import-lorikeet-heimdal-201709200427-2
> I also tried this a few weeks ago, maybe you can find some useful
> patches here:
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-heimdal2
> and here:
> https://git.samba.org/?p=metze/heimdal/wip.git;a=summary

Thanks.  We saw your branch on the heimdal side, but I didn't notice
the Samba side.  

Do let me know if you have any hints on the things needed for Win2012
support (FAST et al) as that is the goal of this effort.

> Here're also some branches with open pull requests for
> the main heimdal tree:
> https://github.com/metze-samba/heimdal/branches


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
