CVE-2020-1472

Published: 16 September 2020

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

Priority

Medium

CVSS 3 base score: 10.0

Status

Package  Release   Status
samba    bionic    Released (2:4.7.6+dfsg~ubuntu-0ubuntu2.19)
samba    focal     Not vulnerable (2:4.11.6+dfsg-0ubuntu1.4)
samba    precise   Ignored
samba    trusty    Released (2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9)
samba    upstream  Needs triage
samba    xenial    Released (2:4.3.11+dfsg-0ubuntu0.16.04.30)

Notes

Author: mdeslaur

Note: Starting with Samba 4.8, "server schannel" defaults to "yes"
instead of "auto". This is sufficient to address this
vulnerability. See details in the upstream bug report.
There may be an additional commit to make ServerAuthenticate3
fail so that the false positive reported by the third-party
vulnerability scanning tools is fixed.
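
The check below is an added example, not part of the original tracker entry or of Samba: it reads smb.conf text and reports the effective "server schannel" value in [global], falling back to the version default described in the note. The function names and sample configurations are constructed for illustration, and the parser assumes a single file without include directives.

```python
import re

TRUE, FALSE = {"yes", "true", "1", "on"}, {"no", "false", "0", "off"}

# Constructed sample smb.conf contents (not taken from any real host).
CONF_UNSET = "[global]\n   workgroup = EXAMPLE\n"
CONF_AUTO = "[global]\n   server schannel = auto\n[share]\n   path = /srv\n"
CONF_YES = "[global]\n   ; enforce secure channel\n   Server  Schannel = Yes\n"

def default_schannel(version):
    """Default per the note: "yes" from Samba 4.8 on, "auto" before that."""
    major, minor = (int(part) for part in version.split(".")[:2])
    return "yes" if (major, minor) >= (4, 8) else "auto"

def effective_schannel(conf_text, version):
    """Return (value, origin) for "server schannel" in the [global] section."""
    section, value, origin = None, default_schannel(version), "default"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        # Parameter names ignore case and embedded whitespace.
        if re.sub(r"\s+", "", key).lower() != "serverschannel":
            continue
        val = val.strip().lower()
        value = "yes" if val in TRUE else "no" if val in FALSE else val
        origin = "smb.conf"                   # a later assignment overrides
    return value, origin

def schannel_enforced(conf_text, version):
    """True only when the effective value is "yes", the setting the note names."""
    return effective_schannel(conf_text, version)[0] == "yes"

if __name__ == "__main__":
    for name, conf, ver in [("unset", CONF_UNSET, "4.7.6"),
                            ("auto", CONF_AUTO, "4.11.6"),
                            ("yes", CONF_YES, "4.3.11")]:
        print(name, ver, effective_schannel(conf, ver))
```

An explicit "auto" or "no" on a 4.8+ host is the case worth catching, since it silently overrides the safer default.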
