CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via...
authorGünther Deschner <gd@samba.org>
Tue, 13 Mar 2018 15:56:20 +0000 (16:56 +0100)
committerKarolin Seeger <kseeger@samba.org>
Sat, 11 Aug 2018 06:16:03 +0000 (08:16 +0200)
commita5245e464d710ecb41c759d04ae1c762fbd8d2e9
treee2c4c180067ce8598f60f23a22a7410cd92f68d1
parent6993f39d20de0944c557336a99ac8e63551c808c
CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".

This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0.

Found by Vivek Das <vdas@redhat.com> (Red Hat QE).

In order to demonstrate simply run:

smbclient //server/share -U user%password -mNT1 -c quit \
--option="client ntlmv2 auth"=no \
--option="client use spnego"=no

against a server that uses "ntlm auth = ntlmv2-only" (our default
setting).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360

CVE-2018-1139: Weak authentication protocol allowed.

Guenther

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
libcli/auth/ntlm_check.c
selftest/knownfail
selftest/knownfail.d/ntlm [deleted file]