path: root/python
author Joseph Sutton <josephsutton@catalyst.net.nz> 2022-05-24 17:52:05 +1200
committer Jule Anger <janger@samba.org> 2022-07-27 10:52:36 +0000
commit bbad8f1de43d643e20f1a71c3466f08ed7c9d480
tree 95cd2dd4236e258aefeb65cf3148d7f57b6b1c6f /python
parent ffb599050ae2c1b9d0746addfdac1e41866aa819
CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration
A fallback in krb5_rd_req_ctx() means that Samba's kpasswd service will try many inappropriate keys to decrypt the ticket supplied to it. For example, it will accept a ticket encrypted with the Administrator's key, when it should rather accept only tickets encrypted with the krbtgt's key (and not an RODC krbtgt).

To fix this, declare the HDB keytab using the HDBGET ops, which do not support iteration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'python')
0 files changed, 0 insertions, 0 deletions
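
A simplified model of the fallback the commit message describes, added here as an illustration and not taken from Samba or Heimdal: a keytab that can be iterated lets the request reader try every stored key, while a get-only keytab can only use the key looked up for the named principal. The struct layout, function names, principal names and integer "keys" are all constructed assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, not Heimdal or Samba code: a "key" is an integer and
 * decryption succeeds when it equals the key the ticket was encrypted with. */
struct entry  { const char *principal; int key; };
struct ticket { const char *sname; int enc_key; };
struct keytab {
    const struct entry *entries;
    size_t n;
    int can_iterate;   /* 1 models the HDB ops, 0 models the HDBGET ops */
};

/* Constructed sample database. */
static const struct entry db[] = {
    { "krbtgt/EXAMPLE.COM", 1001 },
    { "Administrator",      2002 },
};

/* Direct lookup: the entry stored for exactly this principal, or NULL. */
static const struct entry *kt_get(const struct keytab *kt, const char *name)
{
    for (size_t i = 0; i < kt->n; i++)
        if (strcmp(kt->entries[i].principal, name) == 0)
            return &kt->entries[i];
    return NULL;
}

/* Returns the principal whose key decrypted the ticket, or NULL on failure. */
static const char *rd_req(const struct keytab *kt, const struct ticket *t)
{
    const struct entry *e = kt_get(kt, t->sname);
    if (e != NULL && e->key == t->enc_key)
        return e->principal;
    if (!kt->can_iterate)
        return NULL;   /* get-only keytab: there is nothing to fall back to */
    /* Fallback: try every key in the keytab, whichever principal owns it. */
    for (size_t i = 0; i < kt->n; i++)
        if (kt->entries[i].key == t->enc_key)
            return kt->entries[i].principal;
    return NULL;
}

static const struct keytab hdb    = { db, 2, 1 };
static const struct keytab hdbget = { db, 2, 0 };
/* Constructed tickets: one encrypted with the wrong key, one with the right. */
static const struct ticket bad  = { "krbtgt/EXAMPLE.COM", 2002 };
static const struct ticket good = { "krbtgt/EXAMPLE.COM", 1001 };

int main(void) { return rd_req(&hdbget, &bad) == NULL ? 0 : 1; }
```

In this model the iterable keytab accepts the ticket encrypted with the Administrator's key, and the get-only keytab rejects it while still accepting the correctly keyed ticket.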