CVE-2020-1472 - log

CVE-2020-1472 edited at 29 Sep 2020 18:41:34
Severity
- Critical
+ Medium
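Review bot: the Severity change from Critical to Medium is recorded without a reason, and no Notes entry appears anywhere in this log, while the description set at 17:13:19 still says an unauthenticated attacker can impersonate a domain controller and possibly obtain domain administrator privileges. Suggest recording the rationale for the lower rating in Notes so it can be checked against the description.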
CVE-2020-1472 edited at 29 Sep 2020 17:13:19
Description
+ A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw, but only when used as domain controller.
-
- Since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf.
-
- Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
-
- Samba versions 4.7 and below are vulnerable unless they have 'server schannel = yes' in the smb.conf.
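Review bot: the removed lines carried the only Samba-specific guidance in the description: that 4.8 and above are not vulnerable unless smb.conf has 'server schannel = no' or 'server schannel = auto', and that 4.7 and below are vulnerable unless they have 'server schannel = yes'. The replacement text describes the MS-NRPC flaw in general terms and no longer says which Samba configurations are affected. Suggest keeping the 'server schannel' paragraphs alongside the new text, or moving them to Notes.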
CVE-2020-1472 edited at 29 Sep 2020 17:01:00
Description
- An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw., but only when used as domain controller.
+ An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw, but only when used as domain controller.
Since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf.
Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
Samba versions 4.7 and below are vulnerable unless they have 'server schannel = yes' in the smb.conf.
CVE-2020-1472 edited at 24 Sep 2020 11:55:32
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw., but only when used as domain controller.
+
+ Since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf.
+
+ Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'.
+
+ Samba versions 4.7 and below are vulnerable unless they have 'server schannel = yes' in the smb.conf.
References
+ https://www.samba.org/samba/security/CVE-2020-1472.html
Notes
CVE-2020-1472 created at 24 Sep 2020 11:49:40