Bug 1879822 (CVE-2020-1472)
| Summary: | CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | unspecified | CC: | abokovoy, anoopcs, asn, gdeschner, gsuckevi, hvyas, iboukris, iboukris, jarrpa, jsenkyri, jstephen, lmohanty, madam, pete.perfetti, puebele, rhs-smb, rmonther, sbose, ssorce, tcrider, ymittal, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | samba 4.10.18, samba 4.11.13, samba 4.12.7 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator
privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-12-15 22:18:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1879828, 1879829, 1879834, 1879835, 1880038, 1880897 | ||
| Bug Blocks: | 1879827 | ||
|
Description
Huzaifa S. Sidhpurwala
2020-09-17 06:15:19 UTC
Mitigation: This flaw can be mitigated by using "server schannel = yes" in the smb.conf configuration file. Statement: As per upstream samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have "server schannel" enabled by default in its configuration file. Created samba tracking bugs for this issue: Affects: fedora-all [bug 1880897] External References: https://www.samba.org/samba/security/CVE-2020-1472.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 https://kb.cert.org/vuls/id/490028#Samba An article describing this CVE and applicability to RHEL systems has been published as https://access.redhat.com/articles/5435971 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5439 https://access.redhat.com/errata/RHSA-2020:5439 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1472 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1647 https://access.redhat.com/errata/RHSA-2021:1647 This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 7 Via RHSA-2021:3723 https://access.redhat.com/errata/RHSA-2021:3723 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |