Security News > 2020 > September > Samba Issues Patches for Zerologon Vulnerability
The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol.
With Zerologon being a protocol-level vulnerability and Samba implementing the Netlogon protocol, Samba is also vulnerable to the bug, when used as domain controller only.
Active Directory DC installations are affected the most, with the flaw having low impact on the classic/NT4-style DC. "Since version 4.8, the default behaviour of Samba has been to insist on a secure netlogon channel, which is a sufficient fix against the known exploits. This default is equivalent to having 'server schannel = yes' in the smb.conf. Therefore versions 4.8 and above are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'," the Samba team explains.
The vulnerability doesn't directly impact installations where Samba runs as a file server only, as they do not run the Netlogon service.
Exploitation of the vulnerability could result in complete domain takeover, or disclosure of session keys or denial of service, Samba explains, urging vendors to install the available patches as soon as possible.