Attachment 17652 Details for Bug 15240 – Initial advisory without versions or CVE number

Initial advisory without versions or CVE number

CVE-2022-XXXX-RejectMd5Clients-v01.txt (text/plain), 2.84 KB, created by Andrew Bartlett on 2022-11-14 20:19:57 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew Bartlett

Created: 2022-11-14 20:19:57 UTC

Size: 2.84 KB

patch

obsolete

>===========================================================
>== Subject:     RC4 NetLogon Secure Channel is weak and must be avoided
>==
>== CVE ID#:     (MS CVE-2022-38023)
>==
>== Versions:    All versions of Samba
>==
>== Summary:     RC4 protection of the NetLogon Secure channel uses the
>==              same algorithms as rc4-md5 cryptography in Kerberos,
>==              and so must also be assumed to be weak.
>===========================================================
>
>===========
>Description
>===========
>
>This is Samba's response to Microsoft's CVE-2022-38023.
>
>If, per RFC8429 and as we are assuming for CVE-2022-3938, rc4-md5
>cryptography in Kerberos is weak, then it follows that the RC4 mode in
>the NETLOGON Secure Channel (DCE/RPC bulk encryption) is also weak, as
>they are the same cipher (essentially).
>
>Therefore we must disable this cipher.  Thankfully this cipher is
>unused by modern member servers (Windows 8 / Windows 2008R2 and later).
>
>In this patch we achive this by setting 'reject md5 clients = yes' and
>'reject md5 servers = yes' by default.
>
>Additionally we extend the meaning of 'server require schannel' to mean
>that a full encrypted NETLOGON secure channel must have been
>negotiated.  While no specific vulnerability has been disclosed to
>Samba, we do this to match the new Microsoft Windows behaviour.
>
>Clients that do not support NETLOGON Secure Channel encryption can be
>exempted in the same way as for CVE-2020-1472(ZeroLogon)
>
>The following smb.conf:
>
>   server schannel = yes
>   server require schannel:triceratops$ = no
>   server require schannel:greywacke$ = no
>
>will allow only "triceratops$" and "greywacke$" to avoid schannel, or
>operate with signing-only schannel.
>
>==================
>Patch Availability
>==================
>
>Patches addressing both these issues have been posted to:
>
>    https://www.samba.org/samba/security/
>
>Additionally, Samba $VERSIONS have been issued
>as security releases to correct the defect.  Samba administrators are
>advised to upgrade to these releases or apply the patch as soon
>as possible.
>
>==================
>CVSSv3 calculation
>==================
>
>CVSS:v3.1:AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (8.1)
>
>==========
>Workaround
>==========
>
>Setting 'reject md5 clients' (on DCs) and 'reject md5 servers' (on
>member servers) will avoid this vulnerable protocol.  It is unknown
>what made Microsoft decide that signing-only schannel is vulnerable,
>but Samba addressed NTLM session key disclosure issue in CVE-2016-2111.
>
>=======
>Credits
>=======
>
>Microsoft reported this issue at 
>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023
>
>Patches provided by $DEVELOPER of the Samba team.
>
>Advisory written by Andrew Bartlett of Catalyst and the Samba Team.
>
>==========================================================
>== Our Code, Our Bugs, Our Responsibility.
>== The Samba Team
>==========================================================
>

Actions: View

Attachments on bug 15240: 17652 | 17671 | 17684 | 17692 | 17693 | 17694 | 17698 | 17705 | 17726 | 17727 | 17728 | 17736