On September 11, Secura research published a new software vulnerability called “ZeroLogon”, which exploits a protocol weakness in the SMB Netlogon protocol. This vulnerability may affect users of SUSE Linux Enterprise Server running Samba servers in older or non-standard configurations. Attackers could use it to bypass access control to the domain controller.
A workaround mitigation is available now. Please ensure your Samba configuration file /etc/samba/smb.conf contains the line
server schannel = yes in the
This is the default configuration for Samba 4.8 and up (latest is 4.12). Please restart the server if necessary, with
“sudo service smb restart”.
We are releasing fixes and updates to all affected versions to eliminate the exploit potential. Fixes for SUSE Linux Enterprise Server 12 and later will be issued in the next days. Along with additional technical details, they will be available here:
If you have any questions or concerns, please reach out to your SUSE contact. Security and reliability continue to be top priorities for SUSE because they are top priorities for our customers and partners. And as always, customers and partners come first.