CVE-2020-1472

Priority
Description
An elevation of privilege vulnerability exists when an attacker establishes
a vulnerable Netlogon secure channel connection to a domain controller,
using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of
Privilege Vulnerability'.
Assigned-to
mdeslaur
Notes
mdeslaur: Starting with Samba 4.8, "server schannel" defaults to "yes"
instead of "auto". This is sufficient to address this
vulnerability. See details in the upstream bug report.
There may be an additional commit to make ServerAuthenticate3
fail so that the false positive reported by the third party
vulnerability scanning tools is fixed.
Package
Source: samba (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): ignored
Ubuntu 14.04 ESM (Trusty Tahr): released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:4.3.11+dfsg-0ubuntu0.16.04.30)
Ubuntu 18.04 LTS (Bionic Beaver): released (2:4.7.6+dfsg~ubuntu-0ubuntu2.19)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (2:4.11.6+dfsg-0ubuntu1.4)
Ubuntu 20.10 (Groovy Gorilla): not-affected (2:4.12.5+dfsg-3ubuntu3)
Patches:
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=c7acae904301cfc6a281d63f4e7d3cc6f4fff938
Upstream: https://git.samba.org/?p=samba.git;a=commit;h=0341e83d40dc42fbb1f1e467626418a9e4dedf40

Updated: 2020-09-18 12:22:44 UTC (commit f03c1a978419093a0a2d18287f8a18a996019dea)