The CERT advisory describes this issue as: The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.
Mitigation: This flaw can be mitigated by using "server schannel = yes" in the smb.conf configuration file.
Statement: As per upstream samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have "server schannel" enabled by default in its configuration file.
Created samba tracking bugs for this issue: Affects: fedora-all [bug 1880897]
External References: https://www.samba.org/samba/security/CVE-2020-1472.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 https://kb.cert.org/vuls/id/490028#Samba
An article describing this CVE and applicability to RHEL systems has been published as https://access.redhat.com/articles/5435971
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5439 https://access.redhat.com/errata/RHSA-2020:5439
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1472
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1647 https://access.redhat.com/errata/RHSA-2021:1647
This issue has been addressed in the following products: Red Hat Gluster Storage 3.5 for RHEL 7 Via RHSA-2021:3723 https://access.redhat.com/errata/RHSA-2021:3723
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days