From 9ff1d906d0945c644b964f2e577547927387ac6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 13 Mar 2018 16:56:20 +0100 Subject: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0. Found by Vivek Das (Red Hat QE). In order to demonstrate simply run: smbclient //server/share -U user%password -mNT1 -c quit \ --option="client ntlmv2 auth"=no \ --option="client use spnego"=no against a server that uses "ntlm auth = ntlmv2-only" (our default setting). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider --- selftest/knownfail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'selftest/knownfail') diff --git a/selftest/knownfail b/selftest/knownfail index 267c928955e..4aa224492ec 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -294,8 +294,9 @@ ^samba4.smb.signing.*disabled.*signing=off.*\(ad_dc\) # fl2000dc doesn't support AES ^samba4.krb5.kdc.*as-req-aes.*fl2000dc -# nt4_member and ad_member don't support ntlmv1 +# nt4_member and ad_member don't support ntlmv1 (not even over SMB1) ^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.member.creds.*as.user +^samba3.blackbox.smbclient_auth.plain.*_member.*option=clientntlmv2auth=no.*mNT1.member.creds.*as.user #nt-vfs server blocks read with execute access ^samba4.smb2.read.access #ntvfs server blocks copychunk with execute access on read handle -- cgit v1.2.1