In the wake of the exploit and patch for a Microsoft Windows Netlogon vulnerability, Samba has also released a security update for the flaw, dubbed Zerologon.
Just last week, researchers warned Zerologon could allow attackers to hijack Windows domain controllers.
Although Microsoft issued a patch for the vulnerability as part of the August security updates, new research suggests exploit code is now publicly available.
In a new security advisory, Samba also confirmed that an unauthenticated attacker on the network could gain administrator access by exploiting the Netlogon protocol vulnerability CVE-2020-1472.
The patch applies only to Samba used as a domain controller; Samba 4.0 and later versions are affected.
“The netlogon protocol contains a flaw that allows an authentication bypass. This was reported and patched by Microsoft as CVE-2020-1472. Since the bug is a protocol level flaw, and Samba implements the protocol, Samba is also vulnerable,” Samba explained.
In addition, Samba explained that versions 4.8 and above are not vulnerable unless they have the smb.conf lines ‘server schannel = no’ or ‘server schannel = auto’.
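The smb.conf condition Samba describes can be checked mechanically. The following is an added example, not code from Samba or the advisory: it reads the [global] section of a configuration file and reports whether 'server schannel' is set to one of the values named above. The function names and the sample configuration are constructed for illustration, and treating "false" and "0" as spellings of "no" is an assumption.

```python
import re

# Values the advisory names as exposing Samba 4.8+. "false" and "0" are
# assumed here to be alternate spellings of "no".
RISKY = {"no", "auto", "false", "0"}

# Constructed sample smb.conf, not taken from a real system.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    server role = active directory domain controller
    ; server schannel = yes
    Server  Schannel = Auto
[netlogon]
    path = /var/lib/samba/sysvol/example/scripts
"""

def _norm(name):
    # Samba compares parameter names ignoring case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def audit(text):
    """Return (risky, line_no, value) for the effective [global] setting.

    line_no and value are None when 'server schannel' is not set at all.
    Commented-out lines are ignored and the last assignment wins.
    'include' directives are not followed.
    """
    section, line_no, value = None, None, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        if _norm(key) == "serverschannel":
            line_no, value = no, val.strip().lower()
    return (value in RISKY, line_no, value)

if __name__ == "__main__":
    risky, line_no, value = audit(SAMPLE)
    state = "RISKY" if risky else "ok"
    print(f"{state}: server schannel = {value} (line {line_no})")
```

A result of (False, None, None) means the parameter is not set in the file; per the advisory's wording that is only reassuring on Samba 4.8 and above.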