[Samba] Does CVE-2020-1472 impact samba AD domains?

banda bassotti bandabasotti at gmail.com
Wed Sep 16 04:13:35 UTC 2020 

Yes

$ ./zerologon_tester.py ap42 192.168.1.2
Performing authentication attempts...
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
Success! DC can be fully compromised by a Zerologon attack.

$ dpkg -l samba\*|grep ^i
ii  samba                    2:4.11.12+dfsg-0.1bionic1 amd64
 SMB/CIFS file, print, and login server for Unix
ii  samba-common             2:4.11.12+dfsg-0.1bionic1 all          common
files used by both the Samba server and client
ii  samba-common-bin         2:4.11.12+dfsg-0.1bionic1 amd64        Samba
common files used by both the server and the client
ii  samba-dsdb-modules:amd64 2:4.11.12+dfsg-0.1bionic1 amd64        Samba
Directory Services Database
ii  samba-libs:amd64         2:4.11.12+dfsg-0.1bionic1 amd64        Samba
core libraries
ii  samba-vfs-modules:amd64  2:4.11.12+dfsg-0.1bionic1 amd64        Samba
Virtual FileSystem plugins

Il giorno mer 16 set 2020 alle ore 01:33 Tom Diehl via samba <
samba at lists.samba.org> ha scritto:

> Hi,
>
> I saw
> https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/
> and
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
> today and I am wondering what impact if any this has on samba AD domains in
> particular and samba in general?
>
> Is samba using the "vulnerable Netlogon secure channel connection"? Will
> samba
> continue to work in mixed windows AD DCs and samba AD DCs after the second
> release that
> is planned for Q1 2021 by MS?
>
> Regards,
>
> --
> Tom                     me at tdiehl.org
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list