CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validati...
authorStefan Metzmacher <metze@samba.org>
Fri, 7 Aug 2015 11:33:17 +0000 (13:33 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
source3/rpc_server/netlogon/srv_netlog_nt.c

index d5fd745711a867d5bbfa1489bd9e06adc3a716d9..aec0d89f94e125c6ec53d202a6a54149de883411 100644 (file)
@@ -1719,6 +1719,14 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
                                                r->out.validation->sam3);
                break;
        case 6:
+               /* Only allow this if the pipe is protected. */
+               if (p->auth.auth_level < DCERPC_AUTH_LEVEL_PRIVACY) {
+                       DEBUG(0,("netr_Validation6: client %s not using privacy for netlogon\n",
+                               get_remote_machine_name()));
+                       status = NT_STATUS_INVALID_PARAMETER;
+                       break;
+               }
+
                status = serverinfo_to_SamInfo6(server_info,
                                                r->out.validation->sam6);
                break;