[Samba] Does CVE-2020-1472 impact samba AD domains?
banda bassotti
bandabasotti at gmail.com
Wed Sep 16 04:13:35 UTC 2020
Yes
$ ./zerologon_tester.py ap42 192.168.1.2
Performing authentication attempts...
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
Success! DC can be fully compromised by a Zerologon attack.
$ dpkg -l samba\*|grep ^i
ii samba 2:4.11.12+dfsg-0.1bionic1 amd64
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.11.12+dfsg-0.1bionic1 all common
files used by both the Samba server and client
ii samba-common-bin 2:4.11.12+dfsg-0.1bionic1 amd64 Samba
common files used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.11.12+dfsg-0.1bionic1 amd64 Samba
Directory Services Database
ii samba-libs:amd64 2:4.11.12+dfsg-0.1bionic1 amd64 Samba
core libraries
ii samba-vfs-modules:amd64 2:4.11.12+dfsg-0.1bionic1 amd64 Samba
Virtual FileSystem plugins
Il giorno mer 16 set 2020 alle ore 01:33 Tom Diehl via samba <
samba at lists.samba.org> ha scritto:
> Hi,
>
> I saw
> https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/
> and
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
> today and I am wondering what impact if any this has on samba AD domains in
> particular and samba in general?
>
> Is samba using the "vulnerable Netlogon secure channel connection"? Will
> samba
> continue to work in mixed windows AD DCs and samba AD DCs after the second
> release that
> is planned for Q1 2021 by MS?
>
> Regards,
>
> --
> Tom me at tdiehl.org
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list