diff options
author | Günther Deschner <gd@samba.org> | 2018-03-13 16:56:20 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2018-08-11 21:56:43 +0200 |
commit | 9ff1d906d0945c644b964f2e577547927387ac6e (patch) | |
tree | 926a1caf0243b8c2ad2dd45af78b286ab0d59ffd /selftest | |
parent | cd2e11d9036782d9bf2ac553285694211cce856c (diff) | |
download | samba-9ff1d906d0945c644b964f2e577547927387ac6e.tar.gz |
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.
Found by Vivek Das <vdas@redhat.com> (Red Hat QE).
In order to demonstrate simply run:
smbclient //server/share -U user%password -mNT1 -c quit \
--option="client ntlmv2 auth"=no \
--option="client use spnego"=no
against a server that uses "ntlm auth = ntlmv2-only" (our default
setting).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360
CVE-2018-1139: Weak authentication protocol allowed.
Guenther
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail | 3 | ||||
-rw-r--r-- | selftest/knownfail.d/ntlm | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 267c928955e..4aa224492ec 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -294,8 +294,9 @@ ^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\) # fl2000dc doesn't support AES ^samba4.krb5.kdc.*as-req-aes.*fl2000dc -# nt4_member and ad_member don't support ntlmv1 +# nt4_member and ad_member don't support ntlmv1 (not even over SMB1) ^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user +^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user #nt-vfs server blocks read with execute access ^samba4.smb2.read.access #ntvfs server blocks copychunk with execute access on read handle diff --git a/selftest/knownfail.d/ntlm b/selftest/knownfail.d/ntlm deleted file mode 100644 index c6e6a3739ba..00000000000 --- a/selftest/knownfail.d/ntlm +++ /dev/null @@ -1,2 +0,0 @@ -^samba.unittests.ntlm_check.test_ntlm_mschapv2_only_denied -^samba.unittests.ntlm_check.test_ntlmv2_only_ntlm\( |