Univention Bugzilla – Bug 49490
Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum
Last modified: 2019-06-04 13:53:49 CEST
The checksum validation in the S4U2Self handler in the embedded Heimdal KDC did not first confirm that the checksum was keyed, allowing replacement of the requested target (client) principal.
Request to include the patch in UCS Samba4.
Samba 4.10.1 (with patch for CVE-2018-16860) is to be released with Bug #49479 for UCS 4.3-4.
*** This bug has been marked as a duplicate of bug 49479 ***
Correction: This is already fixed in UCS.
Fix for UCS 4.4 is: http://errata.software-univention.de/ucs/4.4/91.html (bug 49432)
Fix for UCS 4.3 is: http://errata.software-univention.de/ucs/4.3/497.html (bug 49433)
*** This bug has been marked as a duplicate of bug 49432 ***
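The flaw described in the report, reduced to a simplified model: a verifier that accepts whatever checksum type the request names, beside one that rejects unkeyed types first. This is an added example, not Heimdal, Samba or UCS code. The type names, request layout and function names are assumptions, with SHA-256 standing in for the real Kerberos checksum types.

```python
import hashlib
import hmac

# Stand-ins for Kerberos checksum types: name -> (is_keyed, fn(key, data)).
CHECKSUM_TYPES = {
    "plain-digest": (False, lambda key, data: hashlib.sha256(data).digest()),
    "hmac": (True, lambda key, data: hmac.new(key, data, hashlib.sha256).digest()),
}

def covered_bytes(req):
    # Constructed encoding of the fields the checksum protects.
    return req["principal"].encode() + b"\x00" + req["realm"].encode()

def make_request(key, principal, realm, cksumtype="hmac"):
    req = {"principal": principal, "realm": realm, "cksumtype": cksumtype}
    req["cksum"] = CHECKSUM_TYPES[cksumtype][1](key, covered_bytes(req))
    return req

def _matches(key, req):
    fn = CHECKSUM_TYPES[req["cksumtype"]][1]
    return hmac.compare_digest(fn(key, covered_bytes(req)), req["cksum"])

def verify_without_keyed_check(key, req):
    # Flawed pattern: trusts whichever checksum type the request names.
    return req["cksumtype"] in CHECKSUM_TYPES and _matches(key, req)

def verify_keyed_only(key, req):
    # Hardened pattern: reject unknown or unkeyed types before comparing.
    entry = CHECKSUM_TYPES.get(req["cksumtype"])
    if entry is None or not entry[0]:
        return False
    return _matches(key, req)

def altered_copy(req, principal):
    # An unkeyed checksum can be rebuilt without the key after a field changes.
    return make_request(b"", principal, req["realm"], cksumtype="plain-digest")

if __name__ == "__main__":
    key = b"constructed-session-key"  # constructed sample value
    original = make_request(key, "alice", "EXAMPLE.TEST")
    altered = altered_copy(original, "other-user")
    for name, check in (("no keyed check", verify_without_keyed_check),
                        ("keyed only", verify_keyed_only)):
        print(name, check(key, original), check(key, altered))
```
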