search for: 1472

Hi, I saw https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ and https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 today and I am wondering what impact if any this has on samba AD domains in particular and samba in general? Is samba using the "vulnerable Netlogon secure channel con...

https://bugzilla.netfilter.org/show_bug.cgi?id=1472 Bug ID: 1472 Summary: [sets] global named sets that can be utilised across families Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement...

https://bugzilla.mindrot.org/show_bug.cgi?id=1472 Summary: Authentication options not cleared in privileged process Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All URL: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug...

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are not directly affected by this fla...

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are not directly affected by this fla...

...place virtqueue_enable_cb_prepare() after NAPI_STATE_SCHED is cleared, so disable interrupts again if napi_complete_done() returned false. Tested with vhost-user of OVS 2.7 on host, which does not have the event idx feature. * Before patch: $ netperf -t UDP_STREAM -H 192.168.150.253 -l 60 -- -m 1472 MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.150.253 () port 0 AF_INET Socket Message Elapsed Messages Size Size Time Okay Errors Throughput bytes bytes secs # # 10^6bits/sec 212992 1472 60.00 32763206 0 6...

...place virtqueue_enable_cb_prepare() after NAPI_STATE_SCHED is cleared, so disable interrupts again if napi_complete_done() returned false. Tested with vhost-user of OVS 2.7 on host, which does not have the event idx feature. * Before patch: $ netperf -t UDP_STREAM -H 192.168.150.253 -l 60 -- -m 1472 MIGRATED UDP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.150.253 () port 0 AF_INET Socket Message Elapsed Messages Size Size Time Okay Errors Throughput bytes bytes secs # # 10^6bits/sec 212992 1472 60.00 32763206 0 6...

...core libraries ii samba-vfs-modules:amd64 2:4.11.12+dfsg-0.1bionic1 amd64 Samba Virtual FileSystem plugins Il giorno mer 16 set 2020 alle ore 01:33 Tom Diehl via samba < samba at lists.samba.org> ha scritto: > Hi, > > I saw > https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ > and > https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 > today and I am wondering what impact if any this has on samba AD domains in > particular and samba in general? > > Is samba using the "vulnerabl...

On Tue, 2020-09-15 at 19:33 -0400, Tom Diehl via samba wrote: > Hi, > > I saw > https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ > and > https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 > today and I am wondering what impact if any this has on samba AD > domains in > particular and samba in general? We expect it would be catastrophic fo...

CentOS Errata and Security Advisory 2009:1472 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2009-1472.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: f64d5c04d1758607994f84231128b2b2 xen-3.0.3-94.el5_4.1.i386.rpm 75eaa182ae3743c2243693ac7b2a02f2...

CentOS Errata and Security Advisory 2009:1472 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2009-1472.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 5c260528b7855f219fe99fac577ed4f3 xen-3.0.3-94.el5_4.1.x86_64.rpm 4fd2ffbb147e1553921637d227b6c3...

CentOS Errata and Bugfix Advisory 2011:1472 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1472.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: d77b6a3643892456cc72a65fa913d8fa libexif-0.6.20-1.el5_7.1.i386.rpm 87befc55b3b59c80fdf084732e1b127d libe...

CentOS Errata and Bugfix Advisory 2011:1472 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1472.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: d77b6a3643892456cc72a65fa913d8fa libexif-0.6.20-1.el5_7.1.i386.rpm a035440a320f39c332b4d438575ba6e6 li...

...01432] I [MSGID: 106132] [glusterd-proc-mgmt.c:83:glusterd_proc_stop] 0-management: bitd already stopped [2018-02-02 11:21:58.201589] I [MSGID: 106132] [glusterd-proc-mgmt.c:83:glusterd_proc_stop] 0-management: scrub already stopped [2018-02-02 11:22:00.302648] I [MSGID: 106487] [glusterd-handler.c:1472:__glusterd_handle_cli_list_friends] 0-glusterd: Received cli list req [2018-02-02 11:22:32.998693] I [MSGID: 106487] [glusterd-handler.c:1472:__glusterd_handle_cli_list_friends] 0-glusterd: Received cli list req [2018-02-02 11:23:24.792241] W [common-utils.c:1685:gf_string2boolean] (-->/usr/lib6...

Thanks for the replies. The tool that we used for testing the security vulnerability is "Nessus". I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerbailities CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right version that has fixes for these? Thanks On Sat, Apr 25, 2015 at 1:05 AM, <m.roth at 5-cent.us> wrote: > John R Pierce wrote: > > On 4/24/2015 12:14 PM, Alexander Dalloz wrote: > >> Am 24.04.2015 um 11:21 sc...

Mandi! Andrew Bartlett via samba In chel di` si favelave... > If you don't have any trusted domains then the big thing is an attacker > being able to remove a member server from the domain, or get session > keys (assisting a takeover 'MITM attack' of an existing session). So, effectively, on NT domain the attack surface of the bug is reduced? If i've understood well

...eir installations and packages to change this default, as values of: - server schannel = no - server schannel = auto are NOT secure and we expect can result in full domain compromise, particularly for AD domains. Some public exploit tests, such as https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py only confirm that a ServerAuthenticate3 call operates, but not that the ServerPasswordSet2 call required to exploit the domain also operates. We are well aware of administrator concern and are looking to provide patches that provide mitigation here, to make the...

...eir installations and packages to change this default, as values of: - server schannel = no - server schannel = auto are NOT secure and we expect can result in full domain compromise, particularly for AD domains. Some public exploit tests, such as https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py only confirm that a ServerAuthenticate3 call operates, but not that the ServerPasswordSet2 call required to exploit the domain also operates. We are well aware of administrator concern and are looking to provide patches that provide mitigation here, to make the...

...TRACK Update (Johnny Hughes) 2. CEBA-2011:1468 CentOS 5 x86_64 less FASTTRACK Update (Johnny Hughes) 3. CEBA-2011:1467 CentOS 5 i386 openmotif22 FASTTRACK Update (Johnny Hughes) 4. CEBA-2011:1467 CentOS 5 x86_64 openmotif22 FASTTRACK Update (Johnny Hughes) 5. CEBA-2011:1472 CentOS 5 i386 libexif Update (Johnny Hughes) 6. CEBA-2011:1472 CentOS 5 x86_64 libexif Update (Johnny Hughes) 7. CEBA-2011:1473 CentOS 5 i386 ltrace Update (Johnny Hughes) 8. CEBA-2011:1473 CentOS 5 x86_64 ltrace Update (Johnny Hughes) ------------------------------------------------...

Hello ML, are there information about the CVE-2020-1472 , whether this bug also infects samba Server without DC configuration (standalone smb Server) ? I'll did not find any information in the short time and can not decide if this systems are affected. Can you please help me, to clear my clouded brain. best regards Michael