abartlet at samba.org
Sun Jun 26 01:50:13 UTC 2016
On Sat, 2016-06-25 at 17:51 +0000, vishal wrote:
> == CVE ID#: CVE-2016-2110
> == Versions: Samba 3.0.0 to 4.4.0
> == Summary: The feature negotiation of NTLMSSP is not
> == downgrade protected. A man in the middle is
> == able to clear even required flags, especially
> == NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
> == Which has implications on encrypted LDAP traffic.
> Can you confirm if this vulnerability is for CIFS client to Samba
> server or Samba to Active Directory, as this talks about LDAP traffic?
LDAP. SMB doesn't use the flags negotiated here, but its own
negotiation (happily in this case, but sadly in general as every
special hack ends up coming back to bite us...).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
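
The quoted advisory says a man in the middle can clear required flags during NTLMSSP feature negotiation. As an added illustration (not part of this thread and not Samba's code), this is a client-side check that refuses to continue when flags the caller requires are missing from the server's CHALLENGE message. The function names and the sample message are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag values and field offset follow the NTLM CHALLENGE_MESSAGE layout. */
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010u
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020u
#define CHALLENGE_TYPE         2u
#define CHALLENGE_FLAGS_OFF    20u

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: returns the required flags that are absent from the
 * challenge (0 means all present), or UINT32_MAX if the buffer is not a
 * well-formed CHALLENGE header. The caller must abort on any non-zero value
 * instead of silently continuing without signing or sealing. */
uint32_t missing_required_flags(const uint8_t *msg, size_t len, uint32_t required)
{
    if (msg == NULL || len < CHALLENGE_FLAGS_OFF + 4) return UINT32_MAX;
    if (memcmp(msg, "NTLMSSP\0", 8) != 0) return UINT32_MAX;
    if (le32(msg + 8) != CHALLENGE_TYPE) return UINT32_MAX;
    return required & ~le32(msg + CHALLENGE_FLAGS_OFF);
}

/* Constructed sample input: a 32-byte CHALLENGE header carrying `flags`. */
void make_challenge(uint8_t out[32], uint32_t flags)
{
    memset(out, 0, 32);
    memcpy(out, "NTLMSSP\0", 8);
    out[8] = CHALLENGE_TYPE;
    for (int i = 0; i < 4; i++)
        out[CHALLENGE_FLAGS_OFF + i] = (uint8_t)(flags >> (8 * i));
}

int main(void)
{
    const uint32_t required = NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL;
    uint8_t msg[32];

    make_challenge(msg, NTLMSSP_NEGOTIATE_SIGN); /* SEAL cleared in transit */
    uint32_t missing = missing_required_flags(msg, sizeof msg, required);
    printf("missing required flags: 0x%08x -> %s\n", (unsigned)missing,
           missing ? "abort authentication" : "continue");
    return 0;
}
```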