4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
0.006 Low
EPSS
Percentile
78.8%
Itโs basically the same as CVE-2015-0005 for Windows:
The NETLOGON service in Microsoft Windows Server 2003 SP2,
Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold
and R2, when a Domain Controller is configured, allows remote
attackers to spoof the computer name of a secure channelโs
endpoint, and obtain sensitive session information, by running a
crafted application and leveraging the ability to sniff network
traffic, aka โNETLOGON Spoofing Vulnerabilityโ.
The vulnerability in Samba is worse as it doesnโt require
credentials of a computer account in the domain.
This only applies to Samba running as classic primary domain controller,
classic backup domain controller or active directory domain controller.
The security patches introduce a new option called โraw NTLMv2 authโ
(โyesโ or โnoโ) for the [global] section in smb.conf.
Samba (the smbd process) will reject client using raw NTLMv2
without using NTLMSSP.
Note that this option also applies to Samba running as
standalone server and member server.
You should also consider using โlanman auth = noโ (which is already the default)
and โntlm auth = noโ. Have a look at the smb.conf manpage for further details,
as they might impact compatibility with older clients. These also
apply for all server roles.
raw NTLMv2 auth (G)
This parameter determines whether or not smbd(8) will allow SMB1 clients
without extended security (without SPNEGO) to use NTLMv2 authentication.
If this option, lanman auth and ntlm auth are all disabled, then only
clients with SPNEGO support will be permitted. That means NTLMv2 is only
supported within NTLMSSP.
Default: raw NTLMv2 auth = no
The following constraints are applied to SMB1 connections:
A patch addressing this defect has been posted to
https://www.samba.org/samba/security/
Additionally, Samba 4.4.2, 4.3.8 and 4.2.11 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.
Note that Samba 4.4.1, 4.3.7 and 4.2.10 were privately released to vendors,
but had a regression, which is fixed in 4.4.2, 4.3.8 and 4.2.11.
None.
This vulnerability was discovered and researched by Alberto Solino from Core
Security, but only reported it against Windows as CVE-2015-0005.
Stefan Metzmacher of SerNet (https://samba.plus) and the Samba Team
(https://www.samba.org) provides the fixes in collaboration with the Samba Team.
4.3 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:P/A:N
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
0.006 Low
EPSS
Percentile
78.8%