sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00
Code
samba-mirror/libcli/auth
History
Stefan Metzmacher d3123858fb CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
..
tests
smbdes: remove old unused DES builtin-crypto
2019-12-10 00:30:31 +00:00
credentials.c
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
2020-09-18 12:48:38 +00:00
credentials.h
s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc
2012-07-17 10:58:38 +02:00
libcli_auth.h
libcli/auth: remove unused NTLMSSP_NAME_TYPE_ flags.
2009-08-28 10:09:19 +02:00
msrpc_parse.c
libcli/auth: remove unused variable in msrpc_parse()
2016-07-06 19:07:16 +02:00
msrpc_parse.h
libcli/auth/msrpc_parse.h: fix licence/copyright
2011-06-10 15:11:30 +02:00
netlogon_creds_cli.c
CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c
2020-09-18 12:48:38 +00:00
netlogon_creds_cli.h
libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo()
2019-09-20 01:14:43 +00:00
ntlm_check.c
auth: Avoid casts in ntlm_check.c
2020-01-06 03:12:19 +00:00
ntlm_check.h
param: Add new "disabled" value to "ntlm auth" to disable NTLM totally
2017-07-04 06:57:20 +02:00
pam_errors.c
pam: map more NT password errors to PAM errors
2016-12-13 14:12:06 +01:00
pam_errors.h
pam: share pam errors in a common location.
2011-02-08 14:05:36 +01:00
proto.h
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values
2020-09-18 12:48:38 +00:00
schannel_proto.h
auth/gensec: move libcli/auth/schannel_sign.c into schannel.c
2014-01-07 00:27:11 +01:00
schannel_state_tdb.c
lib: Fix an error path memleak in schannel_get_creds_state()
2019-11-14 22:26:30 +00:00
schannel_state.h
rpc_server:netlogon Move from memcache to a tdb cache
2016-12-14 20:12:13 +01:00
schannel.h
libcli/auth/schannel: make struct schannel_state private
2013-08-10 09:19:02 +02:00
session.c
sess_crypt_blob can only crypt blobs whose size divides by 8
2019-12-10 00:30:31 +00:00
smbdes.c
smbdes: remove old unused DES builtin-crypto
2019-12-10 00:30:31 +00:00
smbencrypt.c
smbdes: convert E_P24() and SMBOWFencrypt to use gnutls
2019-12-10 00:30:30 +00:00
spnego_parse.c
CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
2020-05-04 02:59:31 +00:00
spnego_proto.h
libcli/auth: add more const to spnego_negTokenInit->mechTypes
2013-08-10 11:11:53 +02:00
spnego.h
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
2016-04-12 19:25:22 +02:00
wscript_build
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
2020-09-18 12:48:38 +00:00