CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
authorStefan Metzmacher <metze@samba.org>
Tue, 14 Jul 2015 07:13:00 +0000 (09:13 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:27 +0000 (19:25 +0200)
commit80dae9afda18724935c2ab006db509ddbb8a66e5
tree2ebd73e22434ab0cef718fb69b3f5db729407cf6
parent51aa7bd3115d2962bc2f6f8c1ea2fa80998d119f
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY

This matches windows and prevents man in the middle downgrade attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
selftest/knownfail
source4/rpc_server/drsuapi/dcesrv_drsuapi.c
source4/selftest/tests.py