| commit | a67cda7159f3c7e9c381a13705011dd9c93742ae | |
| author | Luke Howard <lukeh@padl.com> | |
| Fri, 27 Aug 2021 01:42:48 +0000 (27 11:42 +1000) | ||
| committer | Jule Anger <janger@samba.org> | |
| Thu, 16 Sep 2021 08:07:12 +0000 (16 08:07 +0000) | ||
| tree | 7e8f5e6d47105385dbe1c57b424ae2472ce542f6 | treesnapshot (tar.gz zip) |
| parent | 95de6d138adcd6f3fb5d098f5e13636910a3e0f7 | commitdiff |
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0cb4b939f192376bf5e33637863a91a20f74c5a5)
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0cb4b939f192376bf5e33637863a91a20f74c5a5)
| source4/heimdal/kdc/krb5tgs.c | diffblobblamehistory |