Ubuntu Security Notice USN-4559-1

Ubuntu Security Notice USN-4559-1
September 30, 2020

samba update

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS


Several security improvements were added to Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix


Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

While a previous security update fixed the issue by changing the “server
schannel” setting to default to “yes”, instead of “auto”, which forced a
secure netlogon channel, this update provides additional improvements.

For compatibility reasons with older devices, Samba now allows specifying
an insecure netlogon configuration per machine. See the following link for
examples: https://www.samba.org/samba/security/CVE-2020-1472.html

In addition, this update adds additional server checks for the protocol
attack in the client-specified challenge to provide some protection when
‘server schannel = no/auto’ and avoid the false-positive results when
running the proof-of-concept exploit.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.5

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.20

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.31

In general, a standard system update will make all the necessary changes.


Package Information: