-
Samba Security Announcement Archive
https://www.samba.org/samba/security/CVE-2020-1472.html
>== Subject: Unauthenticated domain takeover via netlogon ("ZeroLogon")
>== CVE ID#: CVE-2020-1472
>== Versions: Samba 4.0 and later
>== Summary: An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw.
>Description
>The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC).
>...
-
@geniusmusing That's really bad. Unauthenticated domain takeover is just about the worst possible flaw for #AD / #LDAP.
-
@lnxw48a1 Also no Samba updates for Debian yet but also not running an AD/DC so that may be why.