diff --git a/CHANGES b/CHANGES index a6b09460cc..07e64b4a0f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.5-792 | 2018-08-01 12:15:31 -0500 + + * fix NTLM NegotiateFlags field offsets (Jeffrey Bencteux) + 2.5-790 | 2018-08-01 11:25:27 -0500 * Fix --with-binpac configure option (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index 0a96ff9b53..67eaa8d910 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5-790 +2.5-792 diff --git a/src/analyzer/protocol/ntlm/ntlm-protocol.pac b/src/analyzer/protocol/ntlm/ntlm-protocol.pac index 8862be1f22..f8784c74c7 100644 --- a/src/analyzer/protocol/ntlm/ntlm-protocol.pac +++ b/src/analyzer/protocol/ntlm/ntlm-protocol.pac @@ -171,7 +171,7 @@ type NTLM_Negotiate_Flags = record { request_non_nt_session_key : bool = (flags & 0x00400000) > 0; negotiate_identify : bool = (flags & 0x00100000) > 0; - negotiate_extended_sessionsecurity : bool = (flags & 0x00040000) > 0; + negotiate_extended_sessionsecurity : bool = (flags & 0x00080000) > 0; target_type_server : bool = (flags & 0x00020000) > 0; target_type_domain : bool = (flags & 0x00010000) > 0; @@ -179,14 +179,14 @@ type NTLM_Negotiate_Flags = record { negotiate_oem_workstation_supplied : bool = (flags & 0x00002000) > 0; negotiate_oem_domain_supplied : bool = (flags & 0x00001000) > 0; - negotiate_anonymous_connection : bool = (flags & 0x00000400) > 0; - negotiate_ntlm : bool = (flags & 0x00000100) > 0; + negotiate_anonymous_connection : bool = (flags & 0x00000800) > 0; + negotiate_ntlm : bool = (flags & 0x00000200) > 0; negotiate_lm_key : bool = (flags & 0x00000080) > 0; negotiate_datagram : bool = (flags & 0x00000040) > 0; negotiate_seal : bool = (flags & 0x00000020) > 0; + negotiate_sign : bool = (flags & 0x00000010) > 0; - negotiate_sign : bool = (flags & 0x00000008) > 0; request_target : bool = (flags & 0x00000004) > 0; negotiate_oem : bool = (flags & 0x00000002) > 0; negotiate_unicode : bool = (flags & 0x00000001) > 0;