严重 Microsoft Windows Netlogon 权限提升漏洞(CVE-2020-1472)
CVE编号
CVE-2020-1472利用情况
POC 已公开补丁情况
官方补丁披露时间
2020-08-11漏洞描述
Microsoft Windows Netlogon是美国微软(Microsoft)公司的Windows的一个重要组件,主要功能是用户和机器在域内网络上的认证,以及复制数据库以进行域控备份,同时还用于维护域成员与域之间、域与域控之间、域DC与跨域DC之间的关系。 Microsoft Windows Netlogon 存在安全漏洞。攻击者可以使用 Netlogon 远程协议 (MS-NRPC) 建立与域控制器的易受攻击的 Netlogon 安全通道连接并进行特权提升。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1472受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | samba | samba | * | Up to (excluding) 4.10.18 | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | samba | * | From (including) 4.11.0 | Up to (excluding) 4.11.13 | ||||
| 运行在以下环境 | |||||||||
| 应用 | samba | samba | * | From (including) 4.12.0 | Up to (excluding) 4.12.7 | ||||
| 运行在以下环境 | |||||||||
| 应用 | synology | directory_server | * | Up to (excluding) 4.4.5-0101 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | samba | * | Up to (excluding) 4.10.16-9.1.al7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | samba | * | Up to (excluding) 4.10.18-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | samba | * | Up to (excluding) 4.11.14-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | samba | * | Up to (excluding) 4.12.7-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_2 | samba | * | Up to (excluding) 4.10.16-9.amzn2.0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon linux_AMI | samba | * | Up to (excluding) 4.10.16-9.56.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | samba | * | Up to (excluding) 4.10.16-9.amzn2.0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | samba | * | Up to (excluding) 4.10.16-9.56.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | anolis_os_8 | mysql | * | Up to (excluding) 8.0.21-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | anolis_os_8.2 | mysql | * | Up to (excluding) 8.0.21-1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | canonical | ubuntu_linux | 14.04 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | canonical | ubuntu_linux | 16.04 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | canonical | ubuntu_linux | 18.04 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_7 | samba | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | samba | * | Up to (excluding) 4.13.3-3.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | samba | * | Up to (including) 4.9.5+dfsg-5+deb10u3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | samba | * | Up to (excluding) 2:4.13.2+dfsg-2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | samba | * | Up to (excluding) 2:4.13.2+dfsg-2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | samba | * | Up to (excluding) 2:4.5.16+dfsg-1+deb9u3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | samba | * | Up to (excluding) 2:4.13.2+dfsg-2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedoraproject | fedora | 32 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedoraproject | fedora | 33 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | samba | * | Up to (excluding) 4.11.13-0.fc31 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_32 | samba | * | Up to (excluding) 4.12.7-0.fc32 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33 | samba | * | Up to (excluding) 4.13.0-11.fc33 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_34 | samba | * | Up to (excluding) 4.13.0-0.10.rc6.fc34 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10 | ctdb | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP1 | ctdb | * | Up to (excluding) 4.11.12-8.p02.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_loongarch64_V10SP1 | ctdb | * | Up to (excluding) 4.11.12-8.p02.a.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10 | ctdb | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP1 | ctdb | * | Up to (excluding) 4.11.12-8.p02.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP2 | ctdb | * | Up to (excluding) 4.11.12-15.p01.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2008 | r2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2012 | - | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2012 | r2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | - | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | 1903 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | 1909 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | 2004 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2019 | - | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse | leap | 15.1 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse | leap | 15.2 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | samba | * | Up to (excluding) 4.9.5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | samba | * | Up to (excluding) 4.11.13 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_7 | samba | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_8 | samba | * | Up to (excluding) 8.0.21-1.module+el8.2.0+7793+cfe2b687 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | samba | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | samba | * | Up to (excluding) 4.13.3-3.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | ctdb | * | Up to (excluding) 4.10.16-9.el7_9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | samba | * | Up to (excluding) 4.13.3-3.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | sles_12_SP5 | samba | * | Up to (excluding) 4.10.18 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | samba | * | Up to (excluding) 4.10.18 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04 | samba | * | Up to (excluding) 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_14.04_lts | samba | * | Up to (excluding) 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | samba | * | Up to (excluding) 2:4.3.11+dfsg-0ubuntu0.16.04.30 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | samba | * | Up to (excluding) 2:4.3.11+dfsg-0ubuntu0.16.04.30 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04_lts | samba | * | Up to (excluding) 2:4.3.11+dfsg-0ubuntu0.16.04.30 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | samba | * | Up to (excluding) 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | samba | * | Up to (excluding) 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04_lts | samba | * | Up to (excluding) 2:4.7.6+dfsg~ubuntu-0ubuntu2.19 | |||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 POC 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-269 | 特权管理不恰当 |
| CWE-330 | 使用不充分的随机数 |
Exp相关链接
- https://github.com//dirkjanm/CVE-2020-1472
- https://github.com/0xcccc666/cve-2020-1472_Tool-collection
- https://github.com/0xkami/CVE-2020-1472
- https://github.com/422926799/CVE-2020-1472
- https://github.com/b1ack0wl/CVE-2020-1472
- https://github.com/bb00/zer0dump
- https://github.com/CanciuCostin/CVE-2020-1472
- https://github.com/CPO-EH/CVE-2020-1472_ZeroLogonChecker
- https://github.com/cube0x0/CVE-2020-1472
- https://github.com/dirkjanm/CVE-2020-1472
- https://github.com/Fa1c0n35/CVE-2020-1472
- https://github.com/Fa1c0n35/CVE-2020-1472-02-
- https://github.com/Fa1c0n35/SecuraBV-CVE-2020-1472
- https://github.com/grupooruss/CVE-2020-1472
- https://github.com/harshil-shah004/zerologon-CVE-2020-1472
- https://github.com/hectorgie/CVE-2020-1472
- https://github.com/hell-moon/ZeroLogon-Exploit
- https://github.com/JayP232/The_big_Zero
- https://github.com/johnpathe/zerologon-cve-2020-1472-notes
- https://github.com/k8gege/CVE-2020-1472-EXP
- https://github.com/Kamimuka/CVE-2020-1472
- https://github.com/Ken-Abruzzi/cve-2020-1472
- https://github.com/maikelnight/zerologon
- https://github.com/midpipps/CVE-2020-1472-Easy
- https://github.com/mingchen-script/CVE-2020-1472-visualizer
- https://github.com/mstxq17/cve-2020-1472
- https://github.com/murataydemir/CVE-2020-1472
- https://github.com/NAXG/CVE-2020-1472
- https://github.com/npocmak/CVE-2020-1472
- https://github.com/Privia-Security/ADZero
- https://github.com/puckiestyle/CVE-2020-1472
- https://github.com/Qazeer/dirkjanm_CVE-2020-1472_static_binaries
- https://github.com/rhymeswithmogul/Set-ZerologonMitigation
- https://github.com/risksense/zerologon
- https://github.com/s0wr0b1ndef/CVE-2020-1472
- https://github.com/SaharAttackit/CVE-2020-1472
- https://github.com/scv-m/zabbix-template-CVE-2020-1472
- https://github.com/SecuraBV/CVE-2020-1472
- https://github.com/shanfenglan/cve-2020-1472
- https://github.com/sho-luv/zerologon
- https://github.com/striveben/CVE-2020-1472
- https://github.com/sv3nbeast/CVE-2020-1472
- https://github.com/t31m0/CVE-2020-1472
- https://github.com/Tobey123/CVE-2020-1472-visualizer
- https://github.com/victim10wq3/CVE-2020-1472
- https://github.com/VoidSec/CVE-2020-1472
- https://github.com/Whippet0/CVE-2020-1472
- https://github.com/WiIs0n/Zerologon_CVE-2020-1472
- https://github.com/wrathfulDiety/zerologon
- https://github.com/YossiSassi/ZeroLogon-Exploitation-Check
- https://github.com/zeronetworks/zerologon
- https://gitlab.com/darthploit/CVE-2020-1472
- https://gitlab.com/NdFeB/zer0dump-installer
- https://gitlab.com/we88c0de/CVE-2020-1472
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb
- https://tryhackme.com/room/zer0logon
- https://www.exploit-db.com/exploits/49071
- https://www.hackthebox.eu/home/machines/profile/232
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论