A vulnerability exists within the Netlogon authentication process where the security properties granted by AES are lost due to an implementation flaw related to the use of a static initialization vector (IV). An attacker can leverage this flaw to target an Active Directory Domain Controller and make repeated authentication attempts using NULL data fields which will succeed every 1 in 256 tries (~0.4%). This Metasploit module leverages the vulnerability to reset the machine account password to an empty string, which will then allow the attacker to authenticate as the machine account. After exploitation, its important to restore this password to its original value. Failure to do so can result in service instability.
2e8cb0b33fee94cb76487f48c8612ae293bf93023140f19faf6766dfb2245f0eRed Hat Security Advisory 2021-3723-01 - Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
3e4800b5e3e4d8a2012f3bf9ae908f590535ab2f963150c4f4cc8a7501feb9b3Red Hat Security Advisory 2021-1647-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a double free vulnerability.
291e9afaaa62758a1a6d7b1aaa3138d21ed18a8256ace47c8f89937c64380841Zerologon is a vulnerability in Microsoft's Netlogon Remote Procedural Call (MS-NRPC) protocol. Specifically, this vulnerability occurs due to an incorrect implementation of the AES-128 Counter Feedback mode of operation. This vulnerability was given a CVSS score of 10 by Microsoft and can be carried out by anyone with a foothold in the network. This paper aims to explain the detail and working of MS-NRPC protocol, its vulnerability, and finally cover how to exploit it, something which the original paper by Secura left out.
1e8879b0c6ba12ad9930150a8a890fbd74b58b7738cb0d85c748a3c4e587a875Gentoo Linux Security Advisory 202012-24 - Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition. Versions less than 4.12.9 are affected.
09eede95a802e9406ba2349f3ea9a0665ce582d50fcd93512059a1e324ed54bcRed Hat Security Advisory 2020-5439-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include a memory leak vulnerability.
1cd908b159ef1b76221d2e9d0d69adbb11c5ecc9cafde8a5307b43268d43d893Proof of concept exploit for the ZeroLogin Netlogon privilege escalation vulnerability.
e1e2f7934eb9d7e606d728985e21b4e36b56ce81fa5cfe609c297efa97c1ee8fUbuntu Security Notice 4559-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which forced a secure netlogon channel, this update provides additional improvements. Various other issues were also addressed.
61ebb653ef48e45237d93b5107a0ea96c40140ab606b9ea9367ed3556b69e08dUbuntu Security Notice 4510-2 - USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM. Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. Various other issues were also addressed.
aafb6bc46e88f588611de36fe13e2ea968b441a056900ec6d16c6f0f3b4df82bUbuntu Security Notice 4510-1 - Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting. Various other issues were also addressed.
84259729ff6e1a9d09cd66022b409b383b84a0da05d4de6be35934d6804f7f6dProof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.
c33a65409db7ea9ced3d7e9d9df80a4e2cef77b787ac47ff949764da970ec602Oracle Solaris 11 Device Driver Utility version 1.3.1 suffers from an insecure use of /tmp that can allow for a race condition which leads to privilege escalation. Included exploit provides a root shell.
ab9f7d499e25ee29f512a1665d6b70ae126fc6bd0318afb737ac4598bbd67bee
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed