Good afternoon,

On September 14th, 2020, Secura unveiled a vulnerability in the Windows NetLogon protocol, dubbed "ZeroLogon". The vulnerability is described as follows in the description at NIST.gov [1]:

"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'."

Since this is a protocol level vulnerability in the NETLOGON protocol, Samba is also affected [3]. While our configuration is not directly affected for the File and Print server side, additional configuration changes may need to be made in order to continue to talk to domain controllers on a network. If you're running Samba in a corporate environment, this affects you the most. However, changes are being made on the client side as well to force secure connections by default in Windows, and this version of Samba also implements support for that modification of the protocol. The Samba developers offer advice on this in [5].

Due to the severity of this vulnerability (scores 10.0 on a CVSSv3 scale), it's recommended that you update to Samba-4.12.7 as soon as possible, both in order to protect your system if you are running the File Server component (additional checks are put in place, and a proof-of-concept exploit is available [6]), and to allow the client to continue to function if you're connecting to a Windows-based server for file shares. If you'd rather continue to use 4.12.6, a patch is available from the Samba team at [4].

In terms of build instructions, there are no changes required. Important statistics include:

Download URL: https://www.samba.org/ftp/samba/stable/samba-4.12.7.tar.gz

MD5SUM: 9f61a0ef23942179daad637ea84b7f37


Also, please note that ZeroLogon has a test in the quicktest suite of Samba now. Here's an additional email from Samba's security team [7] which provides further guidance and information. The bug report can be found at [8]. The update to Samba-4.12.7 will appear in the next render of the book, and an errata entry has been published.


Thank you,


Douglas R. Reno


LINKS:

[1]: NVD - CVE-2020-1472 [https://nvd.nist.gov/vuln/detail/CVE-2020-1472]

[2]: CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472]

[3]: Samba 4.12.7 - Release Notes [https://www.samba.org/samba/history/samba-4.12.7.html]

[4]: https://download.samba.org/pub/samba/patches/samba-4.12.6-4.12.7.diffs.gz

[5]: Samba - Security Announcement Archive [https://www.samba.org/samba/security/CVE-2020-1472.html]

[6]: Zerologon Proof Of Concept = Packet Storm [https://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html]

[7]: oss-security - Samba and CVE-2020-1472 ("Zerologon") [https://www.openwall.com/lists/oss-security/2020/09/17/2]

[8]: 14497 - (CVE-2020-1472)[CVE-2020-1472][SECURITY] Samba impact of "ZeroLogon" [https://bugzilla.samba.org/show_bug.cgi?id=14497]

--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
