[Samba] Does CVE-2020-1472 impact samba AD domains?
Andrew Bartlett
abartlet at samba.org
Wed Sep 16 08:13:27 UTC 2020
On Tue, 2020-09-15 at 19:33 -0400, Tom Diehl via samba wrote:
> Hi,
>
> I saw
> https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/
> and
> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
> today and I am wondering what impact if any this has on samba AD
> domains in
> particular and samba in general?
We expect it would be catastrophic for domains, such as those running
Samba 4.7 and earlier, that have 'server schannel = auto'.
I've not run a full exploit against Samba, but spent this afternoon in
the code and can't find any mitigating factors so far. :-(
> Is samba using the "vulnerable Netlogon secure channel connection"?
> Will samba
> continue to work in mixed windows AD DCs and samba AD DCs after the
> second release that
> is planned for Q1 2021 by MS?
Samba has used, and since Samba 4.8 enforced by default RPC level
protection for the "Netlogon secure channel". We call this schannel
and the default is 'server schannel = yes'.
We didn't have any particular insight but after the big push around
'badlock' we required session-level integrity on all our connections by
default, which has saved some drama here.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list