diff options
author | Günther Deschner <gd@samba.org> | 2018-03-13 16:56:20 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-14 13:57:15 +0200 |
commit | c25460ee1f1b10bf69eaaf1ac937da225854d1d1 (patch) | |
tree | af0ca50a0ff08695f8e614ad6889d381fd9e4a71 /libcli | |
parent | c88f7795b34eef6d2432f8e9c2fffc14f419dfcd (diff) | |
download | samba-c25460ee1f1b10bf69eaaf1ac937da225854d1d1.tar.gz |
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.
Found by Vivek Das <vdas@redhat.com> (Red Hat QE).
In order to demonstrate simply run:
smbclient //server/share -U user%password -mNT1 -c quit \
--option="client ntlmv2 auth"=no \
--option="client use spnego"=no
against a server that uses "ntlm auth = ntlmv2-only" (our default
setting).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/ntlm_check.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c index 1c6499bd210..b68e9c87888 100644 --- a/libcli/auth/ntlm_check.c +++ b/libcli/auth/ntlm_check.c @@ -572,7 +572,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, - I think this is related to Win9X pass-though authentication */ DEBUG(4,("ntlm_password_check: Checking NT MD4 password in LM field\n")); - if (ntlm_auth) { + if (ntlm_auth == NTLM_AUTH_ON) { if (smb_pwd_check_ntlmv1(mem_ctx, lm_response, stored_nt->hash, challenge, |