mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/heimdal
Viktor Dukhovni 7e961f3f7a HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm
to not be added to the transit path of issued tickets.  This may, in
some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2.

Note, this may break sites that rely on the bug.  With the bug some
incomplete [capaths] worked, that should not have.  These may now break
authentication in some cross-realm configurations.

(similar to heimdal commit b1e699103f08d6a0ca46a122193c9da65f6cf837)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12998

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 10:58:37 UTC 2021 on sn-devel-184
2021-10-20 10:58:37 +00:00
..
base Correct "relase" typos. 2017-02-22 08:26:23 +01:00
cf
include
kdc HEIMDAL:kdc: Fix transit path validation CVE-2017-6594 2021-10-20 10:58:37 +00:00
kpasswd
kuser
lib krb5: Fix PAC signature leak affecting KDC 2021-10-14 18:59:32 +00:00
HEIMDAL-LICENCE.txt
README

Heimdal is a Kerberos 5 implementation.

For information on how to install, see <http://www.h5l.org/compile.html>.

There are briefer man pages for most of the commands.

Bug reports and bugs are appreciated, see more under Bug reports in
the manual on how we prefer them: <heimdal-bugs@h5l.org>.

For more information see the web-page at
<http://www.h5l.org/> or the mailing lists:

heimdal-announce@sics.se	low-volume announcement
heimdal-discuss@sics.se		high-volume discussion

Send a mail to heimdal-announce-request@sics.se and
heimdal-discuss-request@sics.se respectively to subscribe.