8/24/2023

Samba classic red

Red Hat Enterprise Linux 7 and 8

Default configurations of the samba packages shipped with Red Hat Gluster Storage 3 and Red Hat Enterprise Linux 7 and 8 are not vulnerable. The vulnerability can be mitigated by following the instructions mentioned in the “Mitigation” section.

Red Hat Enterprise Linux 6

Default configurations of the samba and samba4 packages shipped with Red Hat Enterprise Linux 6 are vulnerable, as they do not enforce secure channel establishment for all client connections to the netlogon service.

All Samba components in all Red Hat Enterprise Linux (RHEL) versions support operating with schannel established, and will continue to work when future updates from Microsoft disable unauthenticated channel support altogether. Red Hat is not aware of any specific applications that require use of an unauthenticated channel to the netlogon service. Due to this, Microsoft’s mitigation for CVE-2020-1472 does not immediately disable unauthenticated access to the netlogon service. Requiring a secure channel might break some old applications which originate from pre-Active Directory times (NT4 domains).

This default is equivalent to having 'server schannel = yes' in smb.conf. Since version 4.8, the default behaviour of Samba has been to insist on a secure channel for all clients, which is a sufficient fix against the known exploits of the CVE-2020-1472 attack. However, the default behaviour for server schannel prior to Samba 4.8 was to automatically negotiate a secure channel only if a client supports it.

The Samba suite supports secure channel establishment between domain members and domain controllers. Schannel setup prevents unauthenticated access to the netlogon service and thus mitigates any attack vector described in CVE-2020-1472. Such a requirement is known as secure channel establishment between domain members and domain controllers, commonly referred to as ‘schannel’.
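The 'server schannel' defaults described above can be checked mechanically. The following is an added example, not code from Red Hat or the Samba project: a small Python audit that reads the [global] section of an smb.conf and reports whether the secure channel is enforced, applying the pre-4.8 and 4.8-and-later defaults stated above when the parameter is unset. The sample configuration, the version tuples and the function names are constructed for illustration, and include directives are not followed.

```python
import re

# Constructed smb.conf for a classic/NT4-style DC (sample input, not from the advisory).
SAMPLE_WEAK = """\
[global]
   workgroup = EXAMPLE
   ; classic/NT4-style domain controller
   domain logons = yes
   Server Schannel = Auto
[netlogon]
   path = /var/lib/samba/netlogon
"""
SAMPLE_FIXED = SAMPLE_WEAK.replace("Server Schannel = Auto", "server schannel = yes")

def global_params(text):
    """Collect [global] parameters, keyed by name with case and whitespace removed
    (smb.conf ignores both in parameter names)."""
    params, section = {}, "global"  # assumption: lines before any header count as global
    text = re.sub(r"\\\r?\n", "", text)  # join lines continued with a trailing backslash
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit_schannel(text, samba_version):
    """Return (status, effective_value, origin) for 'server schannel'.
    samba_version is a (major, minor) tuple supplied by the caller."""
    value = global_params(text).get("serverschannel")
    origin = "smb.conf"
    if value is None:
        # Defaults as the advisory describes them: 4.8 and later behave like
        # 'server schannel = yes'; earlier versions negotiate only if the client can.
        value, origin = ("yes" if samba_version >= (4, 8) else "auto"), "default"
    value = value.lower()
    if value in ("yes", "true", "1"):
        status = "enforced"
    elif value in ("auto", "no", "false", "0"):
        status = "not-enforced"
    else:
        status = "unrecognised"
    return status, value, origin

if __name__ == "__main__":
    for label, conf, ver in [("weak", SAMPLE_WEAK, (4, 10)), ("fixed", SAMPLE_FIXED, (3, 6)),
                             ("unset", "[global]\n", (3, 6))]:
        print(label, ver, audit_schannel(conf, ver))
```

On a live host, `testparm -sv` prints the effective settings with defaults included, which is the authoritative view of what the running configuration resolves to.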
To protect against the attack described in CVE-2020-1472, an authenticated connection to the netlogon service must be used. The attack can result in a denial of service and potentially allow an attacker to gain domain administrator privileges. The RHEL version of the Samba package only provides classic/NT4-style domain controllers.

An unauthenticated attacker with network access to a domain controller can impersonate any domain-joined computer, including a domain controller. The Samba Domain Controller role is implemented in both Active Directory mode and the classic/NT4-style mode. This applies to Samba when it is used as a domain controller. In Windows environments, only the domain controller runs the netlogon service accessible by clients.

This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges. The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. Since the flaw is a protocol-level flaw, and Samba implements the protocol, Samba is also vulnerable. This was reported and mitigated by Microsoft as CVE-2020-1472.

The implementation of the netlogon protocol contains a flaw that allows an authentication bypass. The netlogon service, as part of the domain controller functionality, implements the Microsoft Netlogon Remote Protocol. The netlogon service is an authentication mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates domain controllers. Red Hat is responding to a vulnerability (CVE-2020-1472) in the Microsoft Netlogon service.