s4-smbtorture: Show that the KDC provides no protection from CVE-2017-11103

Enterprise / Samba - Andrew Bartlett [samba.org] - 2 November 2017 06:16 EDT

The server name in the AS-REQ is unprotected, sadly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894

dc3adc898e9 s4-smbtorture: Show that the KDC provides no protection from CVE-2017-11103
source4/torture/krb5/kdc-heimdal.c | 109 +++++++++++++++++++++++++++++++++----
1 file changed, 99 insertions(+), 10 deletions(-)

Upstream: gitweb.samba.org

