CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 65.8%

Samba has an option called "client signing", which is turned off by default
for performance reasons on file transfers.
This option is also used when using DCERPC with ncacn_np.
In order to get integrity protection for IPC-related communication
by default, the "client ipc signing" option is introduced.
The effective default for this new option is "mandatory".
In order to be compatible with more SMB server implementations,
the following additional options are introduced:
"client ipc min protocol" ("NT1" by default) and
"client ipc max protocol" (the highest supported SMB2/3 dialect by default).
These options override the "client min protocol" and "client max protocol"
options, because the default for "client max protocol" is still "NT1".
The reason for this is that all SMB2/3 implementations support SMB signing,
while there are still SMB1 implementations which don't offer SMB signing
by default (this includes Samba versions before 4.0.0).
Note that winbindd (in versions 4.2.0 and higher) enforces SMB signing
against Active Directory domain controllers regardless of the
"client signing" and "client ipc signing" options.
client ipc signing (G)
This controls whether the client is allowed or required to use
SMB signing for IPC$ connections as DCERPC transport. Possible
values are auto, mandatory and disabled.
When set to mandatory or default, SMB signing is required.
When set to auto, SMB signing is offered, but not enforced and
if set to disabled, SMB signing is not offered either.
Connections from winbindd to Active Directory Domain Controllers
always enforce signing.
Default: client ipc signing = default
client ipc max protocol (G)
The value of the parameter (a string) is the highest protocol level that will
be supported for IPC$ connections as DCERPC transport.
Normally this option should not be set as the automatic negotiation phase
in the SMB protocol takes care of choosing the appropriate protocol.
The value default refers to the latest supported protocol, currently SMB3_11.
See client max protocol for a full list of available protocols.
The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
Default: client ipc max protocol = default
Example: client ipc max protocol = SMB2_10
client ipc min protocol (G)
This setting controls the minimum protocol version that will be
attempted for IPC$ connections as DCERPC transport.
Normally this option should not be set as the automatic negotiation phase
in the SMB protocol takes care of choosing the appropriate protocol.
The value default refers to the higher value of NT1 and the
effective value of "client min protocol".
See client max protocol for a full list of available protocols.
The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
Default: client ipc min protocol = default
Example: client ipc min protocol = SMB3_11
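
The following is an added example, not part of the Samba advisory or the Samba code base: a small auditor that reads the [global] section of an smb.conf and reports the effective IPC$ signing mode according to the rules documented above. It assumes a single file without include directives or line continuations, recognises only the four signing values listed above, and the function names and sample configuration are constructed for illustration.

```python
import re

# Meaning of each "client ipc signing" value as documented above.
SIGNING = {"default": "required", "mandatory": "required",
           "auto": "offered", "disabled": "off"}
# Protocol names that are silently upgraded to NT1.
LEGACY = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2"}

# Constructed sample smb.conf, not taken from a real host.
SAMPLE = """
[global]
    workgroup = EXAMPLE
    Client IPC Signing = auto
    client ipc min protocol = LANMAN2
"""


def global_params(conf_text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit_ipc(conf_text):
    """Report the effective IPC$ signing mode and any finding to fix."""
    p = global_params(conf_text)
    raw = p.get("clientipcsigning", "default").lower()
    mode = SIGNING.get(raw, "unknown")
    min_proto = p.get("clientipcminprotocol", "default")
    if min_proto.upper() in LEGACY:
        min_proto = "NT1"
    findings = []
    if mode == "offered":
        findings.append("SMB signing is offered but not enforced on IPC$")
    elif mode == "off":
        findings.append("SMB signing is not offered on IPC$")
    elif mode == "unknown":
        findings.append(f"unrecognised client ipc signing value: {raw}")
    return {"signing": mode, "min_protocol": min_proto, "findings": findings}
```
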
A patch addressing this defect has been posted to
https://www.samba.org/samba/security/
Additionally, Samba 4.4.2, 4.3.8 and 4.2.11 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.
Note that Samba 4.4.1, 4.3.7 and 4.2.10 were privately released to vendors,
but had a regression, which is fixed in 4.4.2, 4.3.8 and 4.2.11.
An explicit "client signing = mandatory" in the [global].
This vulnerability was discovered and researched by Stefan Metzmacher of
SerNet (https://samba.plus) and the Samba Team (https://www.samba.org).
He provides the fixes in collaboration with the Samba Team.