Bug 11850 - NetAPP SMB servers don't negotiate NTLMSSP_SIGN
NetAPP SMB servers don't negotiate NTLMSSP_SIGN
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
All All
: P5 normal
: ---
Assigned To: Stefan Metzmacher
Samba QA Contact
Depends on: 11849
  Show dependency treegraph
Reported: 2016-04-18 14:45 UTC by Stefan Metzmacher
Modified: 2016-08-02 09:59 UTC (History)
5 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2016-04-18 14:45:30 UTC
Connecting to a netapp smb server results in the following with the CVE-2016-2110

ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible
downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
  SPNEGO(ntlmssp) login failed: NT code 0x80090302
  session setup failed: NT code 0x80090302

0x00000010 is NTLMSSP_SIGN, which is triggered by GENSEC_FEATURE_SESSION_KEY.
Comment 1 Stefan Metzmacher 2016-04-28 03:30:24 UTC
Please test the patches from bug #11849, thanks!
Comment 2 Dariusz Gadomski 2016-04-28 11:30:11 UTC
I confirm that the patch solves the issue on Ubuntu 14.04 with Samba 4.3.8.
Comment 3 Stefan Metzmacher 2016-08-01 07:39:37 UTC
Fixed with 4.4.3, 4.3.9, 4.2.12.