Bug 1879822 (CVE-2020-1472) - CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon)
Summary: CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1472
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1879828 1879829 1879834 1879835 1880038 1880897
Blocks: 1879827
Reported: 2020-09-17 06:15 UTC by Huzaifa S. Sidhpurwala
Modified: 2024-03-25 16:30 UTC (History)

Fixed In Version: samba 4.10.18, samba 4.11.13, samba 4.12.7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-12-15 22:18:57 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5439 0 None None None 2020-12-15 11:12:46 UTC
Red Hat Product Errata RHSA-2021:3723 0 None None None 2021-10-05 05:16:29 UTC

Description Huzaifa S. Sidhpurwala 2020-09-17 06:15:19 UTC
The CERT advisory describes this issue as:

The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.

Comment 2 Huzaifa S. Sidhpurwala 2020-09-17 06:15:30 UTC
Mitigation:

This flaw can be mitigated by using "server schannel = yes" in the smb.conf configuration file.

Comment 7 Hardik Vyas 2020-09-17 15:06:26 UTC
Statement:

As per upstream, Samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have "server schannel" enabled by default in their configuration file.
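
An added example, not part of the original bug report or of Samba's own code: a small auditor for the "server schannel" mitigation from Comment 2 and the default-configuration statement in Comment 7. The function name, the result labels and the sample configurations are assumptions made for illustration; the parsing follows smb.conf syntax (case- and whitespace-insensitive parameter names, `#`/`;` comments, backslash continuation).

```python
import re

# Spellings Samba accepts for a boolean "true" in smb.conf.
_TRUE = {"yes", "true", "1", "on"}

def _norm(name):
    """smb.conf section/parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def server_schannel_status(conf_text):
    """Classify the [global] 'server schannel' setting (hypothetical helper).

    Returns 'enforced' (yes), 'weak' (no, auto or an unrecognised value) or
    'default' (not set, so the packaged build's default applies).
    """
    section, value, pending = None, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):              # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue                         # 'server schannel' is a global option
        name, _, val = line.partition("=")   # only the first '=' is significant
        if _norm(name) == "serverschannel":
            value = val.strip().lower()      # a later occurrence overrides
    if value is None:
        return "default"
    return "enforced" if value in _TRUE else "weak"

# Constructed sample configurations (not taken from any real host).
WEAK = "[global]\n  workgroup = EXAMPLE\n  Server SChannel = auto\n"
FIXED = "[global]\n  workgroup = EXAMPLE\n  server schannel = yes\n"
UNSET = "[global]\n  workgroup = EXAMPLE\n; server schannel = no\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED), ("unset", UNSET)):
        print(label, "->", server_schannel_status(conf))
```

The sketch reads a single file and does not follow `include` directives; on a live host, `testparm -s` prints the effective configuration and can be fed to the same function.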

Comment 11 Huzaifa S. Sidhpurwala 2020-09-21 03:22:45 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1880897]

Comment 16 Alexander Bokovoy 2020-10-02 06:26:05 UTC
An article describing this CVE and applicability to RHEL systems has been published as https://access.redhat.com/articles/5435971

Comment 18 errata-xmlrpc 2020-12-15 11:12:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5439 https://access.redhat.com/errata/RHSA-2020:5439

Comment 19 Product Security DevOps Team 2020-12-15 22:18:57 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1472

Comment 20 errata-xmlrpc 2021-05-18 13:57:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1647 https://access.redhat.com/errata/RHSA-2021:1647

Comment 23 errata-xmlrpc 2021-10-05 05:16:27 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.5 for RHEL 7

Via RHSA-2021:3723 https://access.redhat.com/errata/RHSA-2021:3723

Comment 25 Red Hat Bugzilla 2023-09-15 00:48:18 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

