sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-14 01:57:53 +03:00
Code
samba-mirror/libcli
History
Günther Deschner a5245e464d CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". 
This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.

Found by Vivek Das <vdas@redhat.com> (Red Hat QE).

In order to demonstrate simply run:

smbclient //server/share -U user%password -mNT1 -c quit \
--option="client ntlmv2 auth"=no \
--option="client use spnego"=no

against a server that uses "ntlm auth = ntlmv2-only" (our default
setting).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360

CVE-2018-1139: Weak authentication protocol allowed.

Guenther

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-08-11 08:16:03 +02:00
..
auth
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
2018-08-11 08:16:03 +02:00
cldap
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
2016-10-18 02:16:20 +02:00
dns
dnscli: Make a few functions static
2018-01-06 00:07:17 +01:00
drsuapi
werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE
2016-09-28 00:04:35 +02:00
echo
s4: torture: Change torture_register_suite() to add a TALLOC_CTX *.
2017-05-05 15:52:11 +02:00
ldap
typo: mplementation => implementation
2016-05-06 05:03:16 +02:00
lsarpc
libcli/lsarpc: add struct trustAuthInOutBlob; forward declaration
2014-04-02 09:03:42 +02:00
named_pipe_auth
named_pipe_auth: Rename client -> remote_client and server -> local_server
2017-03-29 02:37:28 +02:00
nbt
s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context().
2017-05-13 21:01:25 +02:00
netlogon
libcli/netlogon: We need to handle a bug in FreeIPA (at least <= 4.1.2).
2015-01-05 17:01:08 +01:00
registry
build: Make util_reg subsystem in libcli/registry a library
2011-05-18 16:12:08 +02:00
samsync
libcli: Use "all_zero" where appropriate
2017-01-03 16:04:28 +01:00
security
CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
2018-08-11 08:16:01 +02:00
smb
libsmb: Handle long-running smb2cli_notify
2018-04-19 11:40:11 +02:00
smbreadline
lib/smbreadline: detect picky compile issue with readline.h
2017-11-24 01:13:15 +01:00
util
python: Make generated modules samba.ntstatus and samba.werror Python 3 compatible.
2017-08-22 17:38:17 +02:00