| commit | d9de103cc587aa98e0e79781bcb387dac4ee1302 | |
| author | Luke Howard <lukeh@padl.com> | |
| Fri, 27 Aug 2021 01:42:48 +0000 (27 11:42 +1000) | ||
| committer | Jule Anger <janger@samba.org> | |
| Wed, 8 Sep 2021 12:32:11 +0000 (8 12:32 +0000) | ||
| tree | ddf7c427f966fc4dc5403f2de2a91d36022afeb7 | treesnapshot (tar.gz zip) |
| parent | 1ae386bf72564850f0660eb4d9b74076ed74bd91 | commitdiff |
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0cb4b939f192376bf5e33637863a91a20f74c5a5)
In tgs_build_reply(), validate the server name in the TGS-REQ is present before
dereferencing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
[abartlet@samba.org backported from from Heimdal
commit 04171147948d0a3636bc6374181926f0fb2ec83a via reference
to an earlier patch by Joseph Sutton]
RN: An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0cb4b939f192376bf5e33637863a91a20f74c5a5)
| source4/heimdal/kdc/krb5tgs.c | diffblobblamehistory |