mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/libcli/auth
Stefan Metzmacher d3123858fb CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
tests smbdes: remove old unused DES builtin-crypto 2019-12-10 00:30:31 +00:00
credentials.c CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18 12:48:38 +00:00
credentials.h s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc 2012-07-17 10:58:38 +02:00
libcli_auth.h
msrpc_parse.c libcli/auth: remove unused variable in msrpc_parse() 2016-07-06 19:07:16 +02:00
msrpc_parse.h libcli/auth/msrpc_parse.h: fix licence/copyright 2011-06-10 15:11:30 +02:00
netlogon_creds_cli.c CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c 2020-09-18 12:48:38 +00:00
netlogon_creds_cli.h libcli/auth: add netlogon_creds_cli_LogonGetDomainInfo() 2019-09-20 01:14:43 +00:00
ntlm_check.c auth: Avoid casts in ntlm_check.c 2020-01-06 03:12:19 +00:00
ntlm_check.h param: Add new "disabled" value to "ntlm auth" to disable NTLM totally 2017-07-04 06:57:20 +02:00
pam_errors.c pam: map more NT password errors to PAM errors 2016-12-13 14:12:06 +01:00
pam_errors.h pam: share pam errors in a common location. 2011-02-08 14:05:36 +01:00
proto.h CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values 2020-09-18 12:48:38 +00:00
schannel_proto.h auth/gensec: move libcli/auth/schannel_sign.c into schannel.c 2014-01-07 00:27:11 +01:00
schannel_state_tdb.c lib: Fix an error path memleak in schannel_get_creds_state() 2019-11-14 22:26:30 +00:00
schannel_state.h rpc_server:netlogon Move from memcache to a tdb cache 2016-12-14 20:12:13 +01:00
schannel.h libcli/auth/schannel: make struct schannel_state private 2013-08-10 09:19:02 +02:00
session.c sess_crypt_blob can only crypt blobs whose size divides by 8 2019-12-10 00:30:31 +00:00
smbdes.c smbdes: remove old unused DES builtin-crypto 2019-12-10 00:30:31 +00:00
smbencrypt.c smbdes: convert E_P24() and SMBOWFencrypt to use gnutls 2019-12-10 00:30:30 +00:00
spnego_parse.c CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth 2020-05-04 02:59:31 +00:00
spnego_proto.h libcli/auth: add more const to spnego_negTokenInit->mechTypes 2013-08-10 11:11:53 +02:00
spnego.h CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult 2016-04-12 19:25:22 +02:00
wscript_build CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18 12:48:38 +00:00