similar to: [Announce] Samba 4.13.0 Available for Download

Release Announcements ===================== This is the sixth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. SECURITY ======== o CVE-2020-1472: Unauthenticated

Release Announcements ===================== This is the sixth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. SECURITY ======== o CVE-2020-1472: Unauthenticated

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are

Release Announcements --------------------- These are security releases in order to address the following defect: o CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). The following applies to Samba used as domain controller only (most seriously the Active Directory DC, but also the classic/NT4-style DC). Installations running Samba as a file server only are

Release Announcements ===================== This is the fourth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fourth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fifth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the fifth release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Hi, I saw https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ and https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 today and I am wondering what impact if any this has on samba AD domains in particular and samba in general? Is samba using the "vulnerable Netlogon secure channel connection"? Will samba continue to

The following applies to Samba used as domain controller only. (Both as classic/NT4-style and active direcory DC.) Samba users have reported that the exploit for "ZeroLogin" passes against Samba. Samba has some protection for this issue because since Samba 4.8 we have set a default of 'server schannel = yes'. Users who have changed this default are hereby warned that

The following applies to Samba used as domain controller only. (Both as classic/NT4-style and active direcory DC.) Samba users have reported that the exploit for "ZeroLogin" passes against Samba. Samba has some protection for this issue because since Samba 4.8 we have set a default of 'server schannel = yes'. Users who have changed this default are hereby warned that

On Tue, 2020-09-15 at 19:33 -0400, Tom Diehl via samba wrote: > Hi, > > I saw > https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ > and > https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 > today and I am wondering what impact if any this has on samba AD > domains in > particular and samba in

Release Announcements ===================== This is the third release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the third release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Yes $ ./zerologon_tester.py ap42 192.168.1.2 Performing authentication attempts...

Hello ML, are there information about the CVE-2020-1472 , whether this bug also infects samba Server without DC configuration (standalone smb Server) ? I'll did not find any information in the short time and can not decide if this systems are affected. Can you please help me, to clear my clouded brain. best regards Michael

Release Announcements --------------------- This is the latest stable release of the Samba 4.12 release series. Changes since 4.12.7 -------------------- o G?nther Deschner <gd at samba.org> * BUG 14318: docs: Add missing winexe manpage. o Volker Lendecke <vl at samba.org> * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. o Laurent

Release Announcements --------------------- This is the latest stable release of the Samba 4.12 release series. Changes since 4.12.7 -------------------- o G?nther Deschner <gd at samba.org> * BUG 14318: docs: Add missing winexe manpage. o Volker Lendecke <vl at samba.org> * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1 response. o Laurent

Release Announcements ===================== This is the first release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES

Release Announcements ===================== This is the first release condidate of Samba 4.13. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.13 will be the next version of the Samba suite. UPGRADING ========= NEW FEATURES/CHANGES