3 kerberos security issues

From: abergm...@suse.com (Alexander Bergmann)
Newsgroups: comp.protocols.kerberos
Subject: 3 kerberos security issues
Date: Fri, 1 Mar 2024 13:13:05 +0100
Organization: TNet Consulting
Lines: 38
Message-ID: <mailman.31.1709321456.2322.kerberos@mit.edu>
To: kerberos@mit.edu
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
 by: Alexander Bergmann - Fri, 1 Mar 2024 12:13 UTC
Attachments: signature.asc (application/pgp-signature)

Hi everyone,

We got notified via NVD about 3 new security issues. Right now there
seems to be no upstream reference. Could someone please comment on this?

CVE-2024-26458: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
CVE-2024-26461: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
CVE-2024-26462: Memory leak at /krb5/src/kdc/ndr.c

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-26458
https://nvd.nist.gov/vuln/detail/CVE-2024-26461
https://nvd.nist.gov/vuln/detail/CVE-2024-26462

Thanks,
Alex~

--
Alexander Bergmann <abergmann@suse.com>
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886
SUSE Software Solutions Germany GmbH
Frankenstr. 146, 90461 Nuernberg, Germany
Managing Director/Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
