summaryrefslogtreecommitdiff
path: root/selftest/knownfail
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2018-03-13 16:56:20 +0100
committerKarolin Seeger <kseeger@samba.org>2018-08-11 08:16:03 +0200
commita5245e464d710ecb41c759d04ae1c762fbd8d2e9 (patch)
treee2c4c180067ce8598f60f23a22a7410cd92f68d1 /selftest/knownfail
parent6993f39d20de0944c557336a99ac8e63551c808c (diff)
downloadsamba-a5245e464d710ecb41c759d04ae1c762fbd8d2e9.tar.gz
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0. Found by Vivek Das <vdas@redhat.com> (Red Hat QE). In order to demonstrate simply run: smbclient //server/share -U user%password -mNT1 -c quit \ --option="client ntlmv2 auth"=no \ --option="client use spnego"=no against a server that uses "ntlm auth = ntlmv2-only" (our default setting). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'selftest/knownfail')
-rw-r--r--selftest/knownfail3
1 files changed, 2 insertions, 1 deletions
diff --git a/selftest/knownfail b/selftest/knownfail
index eaddaece25c..5790f4c205c 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -300,8 +300,9 @@
^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\)
# fl2000dc doesn't support AES
^samba4.krb5.kdc.*as-req-aes.*fl2000dc
-# nt4_member and ad_member don't support ntlmv1
+# nt4_member and ad_member don't support ntlmv1 (not even over SMB1)
^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user
+^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user
#nt-vfs server blocks read with execute access
^samba4.smb2.read.access
#ntvfs server blocks copychunk with execute access on read handle
View Lorry Controller Status