[Samba] Samba impact of "ZeroLogin" CVE-2020-1472
Andrew Bartlett
abartlet at samba.org
Fri Sep 18 18:42:16 UTC 2020
On Fri, 2020-09-18 at 15:39 +0200, Marco Gaiarin via samba wrote:
> Mandi! Karolin Seeger via samba
> In chel di` si favelave...
>
> > (Both as classic/NT4-style and active direcory DC.)
>
> I've searched some info on impact of this bug on NT domains, finding
> nothing on the net.
>
> OK, NT domain are dead, i know, but... i seek some feedback.
>
On real NT4 domains?
The particular crypto here was a Windows 2000 thing.
NT4 used 2DES and RC4, which was actually secure for the purpose it was
used for.
On Samba NT4-like domains, see the advisory and read
source3/rpc_server/netlogon/srv_netlogon_nt.c for context.
If you don't have any trusted domains then the big thing is an attacker
being able to remove a member server from the domain, or get session
keys (assisting a takeover 'MITM attack' of an existing session).
Just set 'server schannel = yes' and you will be fine, but better to
already be running a supported version where this is already the
default.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list