Subject: [ASA-202009-17] samba: access restriction bypass Arch Linux Security Advisory ASA-202009-17 ========================================== Severity: Medium Date : 2020-09-29 CVE-ID : CVE-2020-1472 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1236 Summary ======= The package samba before version 4.13.0-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.13.0-1. # pacman -Syu "samba>=4.13.0-1" The problem has been fixed upstream in version 4.13.0. Workaround ========== Ensure you do not have an schannel directive and if you do make sure it's either = yes or = auto. Description =========== A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS- NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Impact ====== An unauthenticated attacker can gain administrator access through crafted traffic, if the samba server is configured to run with a vulnerable schannel directive. References ========== https://bugs.archlinux.org/task/67983 https://www.samba.org/samba/security/CVE-2020-1472.html https://security.archlinux.org/CVE-2020-1472