===========================================================
== Subject:     RC4 NetLogon Secure Channel is weak and must be avoided
==
== CVE ID#:     (MS CVE-2022-38023)
==
== Versions:    All versions of Samba
==
== Summary:     RC4 protection of the NetLogon Secure channel uses the
==              same algorithms as rc4-md5 cryptography in Kerberos,
==              and so must also be assumed to be weak.
===========================================================

===========
Description
===========

This is Samba's response to Microsoft's CVE-2022-38023.

If, per RFC 8429 and as we are assuming for CVE-2022-3938, rc4-md5
cryptography in Kerberos is weak, then it follows that the RC4 mode
of the NETLOGON Secure Channel (DCE/RPC bulk encryption) is also weak,
as it is essentially the same cipher. Therefore we must disable it.

Thankfully this cipher is unused by modern member servers (Windows 8 /
Windows Server 2008 R2 and later).

In this patch we achieve this by setting 'reject md5 clients = yes'
and 'reject md5 servers = yes' by default.

Additionally we extend the meaning of 'server require schannel' to
mean that a fully encrypted NETLOGON secure channel must have been
negotiated; a signing-only secure channel no longer satisfies it.

While no specific vulnerability has been disclosed to Samba, we do
this to match the new Microsoft Windows behaviour.

Clients that do not support NETLOGON Secure Channel encryption can be
exempted in the same way as for CVE-2020-1472 (ZeroLogon). The
following smb.conf:

  server schannel = yes
  server require schannel:triceratops$ = no
  server require schannel:greywacke$ = no

will allow only "triceratops$" and "greywacke$" to avoid schannel, or
to operate with a signing-only schannel. Every other machine account
must negotiate a fully encrypted secure channel.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

    https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued as security releases to
correct the defect. Samba administrators are advised to upgrade to
these releases or apply the patch as soon as possible.
==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1)

==========
Workaround
==========

Setting 'reject md5 clients = yes' (on DCs) and 'reject md5 servers =
yes' (on member servers) will avoid this vulnerable protocol.

It is unknown what made Microsoft decide that signing-only schannel is
vulnerable, but Samba addressed the NTLM session key disclosure issue
in CVE-2016-2111.

=======
Credits
=======

Microsoft reported this issue at
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023

Patches provided by $DEVELOPER of the Samba team.

Advisory written by Andrew Bartlett of Catalyst and the Samba Team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================
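The following is an added example, not part of this advisory and not
Samba code: a small audit script for the smb.conf settings discussed
above ('reject md5 clients' on DCs, 'reject md5 servers' on member
servers, 'server schannel', and per-client 'server require
schannel:<account>$ = no' exemptions). The parser is a deliberately
minimal stand-in for Samba's loadparm (it handles '[section]' headers,
'#'/';' comments and 'name = value' lines only) and the sample
configurations are constructed for illustration. It assumes the
post-fix defaults ('reject md5 clients/servers = yes'); pass
patched_defaults=False to model releases from before this patch,
where both defaulted to no.

```python
"""Audit the [global] section of an smb.conf for CVE-2022-38023 settings.

Added example; not Samba's own code. The parser below is a constructed
mini-parser, not Samba's loadparm, and covers only what the audit needs.
"""
import re

_TRUE = {"yes", "true", "1", "on"}
_FALSE = {"no", "false", "0", "off"}


def normalize(name: str) -> str:
    """Samba matches parameter names case-insensitively and ignores internal
    whitespace. A ':account$' suffix (per-client override) is kept, lowercased."""
    base, sep, client = name.partition(":")
    base = re.sub(r"\s+", "", base.lower())
    if sep:
        return base + ":" + client.strip().lower()
    return base


def parse_smb_conf(text: str) -> dict:
    """Return {section: {normalized_param: value}} for a smb.conf-style text."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank or comment line
            continue
        m = re.fullmatch(r"\[(.+)\]", line)      # [global], [share], ...
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")      # split at the first '=' only
        sections[current][normalize(key)] = value.strip()
    return sections


def to_bool(value, default: bool) -> bool:
    """Samba-style boolean (yes/no/true/false/1/0/on/off); None means unset."""
    if value is None:
        return default
    v = value.lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def audit(text: str, role: str, patched_defaults: bool = True) -> list:
    """role is 'dc' or 'member'. Returns a list of human-readable findings;
    an empty list means the NETLOGON settings match this advisory."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if role == "dc":
        if not to_bool(g.get("rejectmd5clients"), patched_defaults):
            findings.append("reject md5 clients is off: DC accepts RC4/MD5 "
                            "NETLOGON secure channels")
        # 'server schannel' has defaulted to yes since the ZeroLogon fix;
        # 'auto' or 'no' both mean the secure channel is not enforced.
        if g.get("serverschannel", "yes").lower() != "yes":
            findings.append("server schannel is not 'yes': secure channel not enforced")
        for key, value in g.items():
            if key.startswith("serverrequireschannel:") and not to_bool(value, True):
                account = key.split(":", 1)[1]
                findings.append(f"exemption: {account} may use a signing-only "
                                "or unprotected NETLOGON channel")
    elif role == "member":
        if not to_bool(g.get("rejectmd5servers"), patched_defaults):
            findings.append("reject md5 servers is off: member accepts an "
                            "RC4/MD5 secure channel to its DC")
    else:
        raise ValueError("role must be 'dc' or 'member'")
    return findings


# Constructed sample: a DC that still allows RC4 and exempts one old client.
WEAK_DC = """\
[global]
   workgroup = EXAMPLE
   server role = active directory domain controller
   reject md5 clients = no
   server schannel = yes
   server require schannel:triceratops$ = no
"""

# Constructed sample: the same DC after applying this advisory's setting.
HARDENED_DC = """\
[global]
   server role = active directory domain controller
   reject md5 clients = yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_DC), ("hardened", HARDENED_DC)):
        print(name + ":", audit(cfg, "dc") or ["no findings"])
```

Run it against a real /etc/samba/smb.conf by reading the file and calling
audit(text, "dc") on domain controllers or audit(text, "member") on
domain members. Every exemption it reports is a machine account that
still negotiates a signing-only or unprotected NETLOGON channel and
should be upgraded or retired rather than left exempted.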