[Samba] Samba impact of "ZeroLogin" CVE-2020-1472
Andrew Bartlett
abartlet at samba.org
Wed Sep 23 04:59:06 UTC 2020
On Tue, 2020-09-22 at 18:43 +0200, Marco Gaiarin via samba wrote:
> Hello! Andrew Bartlett via samba
> On that day it was said...
>
> > If you don't have any trusted domains then the big thing is an attacker
> > being able to remove a member server from the domain, or get session
> > keys (assisting a takeover 'MITM attack' of an existing session).
>
> So, effectively, on an NT domain the attack surface of the bug is
> reduced?
On Samba NT domains, yes. Real NT domains never implemented the broken
crypto (but I'm sure are a pushover to break into anyway).
> If I've understood the paper well, in AD (but it speaks only about
> Microsoft AD DC, if again I've understood well) an attacker can
> completely take over the domain, escalating up to the Administrator's
> credentials.
Yes.
> In NT mode this is not effectively possible?
In short yes.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba