git.samba.org / obnox / samba / samba-obnox.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4106fde) | patch
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
authorStefan Metzmacher <metze@samba.org>
Fri, 20 Nov 2015 10:42:55 +0000 (11:42 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:22 +0000 (19:25 +0200)
commit4ec38db6f17a4f998a8e38291b599dd08b6a6192
tree091b10e11afe6bfd72925a927e9872f192935b98tree
parent4106fde3186e410a32af2fdfc765398c9eb530dccommit | diff
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade

New servers response with SPNEGO_REQUEST_MIC instead of
SPNEGO_ACCEPT_INCOMPLETE to a downgrade.

With just KRB5 and NTLMSSP this doesn't happen, but we
want to be prepared for the future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
auth/gensec/spnego.c diff | blob | history
Michael's Samba GIT