Bug 1879822 (CVE-2020-1472) - CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon) [NEEDINFO]
Summary: CVE-2020-1472 samba: Netlogon elevation of privilege vulnerability (Zerologon)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1472
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1879828 1879829 1879834 1879835 1880038 1880897
Blocks: 1879827
TreeView+ depends on / blocked
 
Reported: 2020-09-17 06:15 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-10-05 05:16 UTC (History)
21 users (show)

Fixed In Version: samba 4.10.18, samba 4.11.13, samba 4.12.7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2020-12-15 22:18:57 UTC
yjog: needinfo? (pete.perfetti)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5439 0 None None None 2020-12-15 11:12:46 UTC
Red Hat Product Errata RHSA-2021:3723 0 None None None 2021-10-05 05:16:29 UTC

Description Huzaifa S. Sidhpurwala 2020-09-17 06:15:19 UTC
The CERT advisory describes this issue as:

The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.

Comment 2 Huzaifa S. Sidhpurwala 2020-09-17 06:15:30 UTC
Mitigation:

This flaw can be mitigated by using "server schannel = yes" in the smb.conf configuration file.

Comment 7 Hardik Vyas 2020-09-17 15:06:26 UTC
Statement:

As per upstream samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have "server schannel" enabled by default in its configuration file.

Comment 11 Huzaifa S. Sidhpurwala 2020-09-21 03:22:45 UTC
Created samba tracking bugs for this issue:

Affects: fedora-all [bug 1880897]

Comment 16 Alexander Bokovoy 2020-10-02 06:26:05 UTC
An article describing this CVE and applicability to RHEL systems has been published as https://access.redhat.com/articles/5435971

Comment 18 errata-xmlrpc 2020-12-15 11:12:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5439 https://access.redhat.com/errata/RHSA-2020:5439

Comment 19 Product Security DevOps Team 2020-12-15 22:18:57 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1472

Comment 20 errata-xmlrpc 2021-05-18 13:57:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1647 https://access.redhat.com/errata/RHSA-2021:1647

Comment 23 errata-xmlrpc 2021-10-05 05:16:27 UTC
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.5 for RHEL 7

Via RHSA-2021:3723 https://access.redhat.com/errata/RHSA-2021:3723


Note You need to log in before you can comment on or make changes to this bug.