1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/libcli
Stefan Metzmacher d3123858fb CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18 12:48:38 +00:00
..
auth CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18 12:48:38 +00:00
cldap CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode 2020-05-04 02:59:32 +00:00
dns build: Do not build selftest binaries for builds without --enable-selftest 2019-11-22 11:48:59 +00:00
drsuapi smbdes: convert sam_rid_crypt() to use gnutls 2019-12-10 00:30:30 +00:00
echo s4: torture: Change torture_register_suite() to add a TALLOC_CTX *. 2017-05-05 15:52:11 +02:00
http lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
ldap libcli/ldap: Fix CID 1462695 Resource leak 2020-08-06 19:00:36 +00:00
lsarpc libcli/lsarpc: add struct trustAuthInOutBlob; forward declaration 2014-04-02 09:03:42 +02:00
named_pipe_auth tstream_npa: Set local server name in auth requests 2019-10-18 16:07:35 +00:00
nbt libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t * count of addresses. 2020-09-15 10:09:37 +00:00
netlogon libcls/netlogon: clang: Fix 'initialization value is never read' 2019-07-16 22:52:24 +00:00
registry build: Make util_reg subsystem in libcli/registry a library 2011-05-18 16:12:08 +02:00
samsync smbdes: convert sam_rid_crypt() to use gnutls 2019-12-10 00:30:30 +00:00
security lib/util: remove extra safe_string.h file 2020-08-28 02:18:40 +00:00
smb libcli:smb: Add smb_encryption_setting_translate() 2020-08-19 16:22:40 +00:00
smbreadline libcli:smbreadline: Use #ifdef instead of #if for config.h definitions 2018-11-28 23:19:22 +01:00
util libcli: Remove define STATUS_EA_LIST_INCONSISTENT 2020-06-22 13:30:51 +00:00