Bugzilla – Bug 1095048
VUL-0: CVE-2018-1139: samba: ntlmv1 auth available although disabled
Last modified: 2018-10-06 22:40:59 UTC
is now public https://www.samba.org/samba/security/CVE-2018-1139.html CVE-2018-1139.html =========================================================== == Subject: Weak authentication protocol allowed. == == CVE ID#: CVE-2018-1139 == == Versions: Samba 4.7.0 - 4.8.3 (inclusive) == == Summary: Samba 4.7 and 4.8 are affected by a vulnerability == that allows authentication via NTLMv1 even if disabled. == =========================================================== =========== Description =========== Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directory or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server. Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2. This has been the default since Samba 4.5. A code restructuring in the NTLM authentication implementation of Samba in 4.7.0 caused this regression to occur. Additionally, it is the responsbility of the client to send the strongest authentication hash possible. The server-side restrictions primarily aid in ensuring consistent client policy. Because by default clients using SMB2 or SMB1 when SPNEGO or NTLMSSP is in use will chose a more recent authentication dialect (at least so-called NTLM2 session security, and typically NTLMv2), this oversight impacts only extreme mis-configurations or legacy clients on early dialects of SMB1. ================== Patch Availability ================== Patches addressing this issue have been posted to: http://www.samba.org/samba/security/ Samba versions 4.7.9 and 4.8.4 have been released with fixes for this issue. ========== Workaround ========== None ======= Credits ======= This vulnerability was found by Vivek Das from Red Hat and was fixed by Stefan Metzmacher of SerNet and the Samba team and Andrew Bartlett of Catalyst and the Samba team.
SUSE-SU-2018:2318-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1 SUSE Linux Enterprise High Availability 15 (src): samba-4.7.8+git.86.94b6d10f7dd-4.15.1
openSUSE-SU-2018:2400-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1095048,1095056,1095057,1103411,1103414 CVE References: CVE-2018-10858,CVE-2018-10918,CVE-2018-10919,CVE-2018-1139,CVE-2018-1140 Sources used: openSUSE Leap 15.0 (src): samba-4.7.8+git.86.94b6d10f7dd-lp150.3.6.1
shipped