Once it finds a match, the connection is made, and the user can continue. If a connection uses Secure Sockets Layers (SSL) or Transport Layer Security (TLS), the browser will look to connect by running down the list of cipher suites. This flaw can be mitigated by using "server schannel = yes" in the smb.conf configuration file.Check out our video guide to fixing the ‘PR_END_OF_FILE_ERROR’ Secure Connection Error:īefore we go into what the PR_END_OF_FILE_ERROR is, we have to talk about “ cipher suites.” This can get complex, but in a broad sense, it’s a list of instructions to help secure and authenticate a network connection over an encrypted protocol. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have "server schannel" enabled by default in its configuration file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Īs per upstream samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. Please also see where they recommend using "server schannel = yes" in the smb.conf configuration.Ī flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. I personally have no details on a resolution for CIFS/Samba, but am posting it here for the community. Update the device, service and/or appliance that sets up the vulnerable Netlogon connection to support secure RPC with Netlogon secure channel. Microsoft’s docs on netlogon (navigate from left window pane at that link) White-paper pdf copy with more detail than above link: The August 11th, 2020 update and the February 9th, 2021 update address the CVE-2020-1472 vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
Microsoft is addressing the vulnerability in a phased two-part rollout. While this is a Microsoft vulnerability, this affects Samba/CIFS clients when Microsoft issues a patch in February 2021ĮventID 5829 triggers whenever a vulnerable Netlogon secure channel connection is allowed in the timeframe between applying the August 11th, 2020 cumulative update and applying the February 9th, 2021 cumulative update.
Those who would be most affected are those who serve Linux/UNIX CIFS/Samba to windows clients through a Windows domain. First of all, this will affect Linux CIFS aka Samba, even though this is a Microsoft vulnerability.
0 kommentar(er)
