Track CVE-2020-1472 for samba

author: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 17:09:30 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-09-16 17:09:30 +0200
commit: ae43c4502f0200ef7b32cb6bff30356bd2d65688 (patch)
tree: 264884219d800ade74a52cf354700288d0258430 /data
parent: 2250fc7866c411cf87d9a5dca27cdeb00a179d9c (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index d7bf4eaa9a..0ca81873f9 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -53930,8 +53930,11 @@ CVE-2020-1474 (An information disclosure vulnerability exists when the Windows I
 CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
-	NOT-FOR-US: Microsoft
+	- samba <unfixed>
 	NOTE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
+	NOTE: Originally a Microsoft only CVE but it was found that the ZeroLogon attack
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14497
+	NOTE: Mitigation: server schannel = yes; but code changes planned.
 CVE-2020-1471 (An elevation of privilege vulnerability exists when Microsoft Windows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-09-16 17:09:30 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-09-16 17:09:30 +0200
commit	ae43c4502f0200ef7b32cb6bff30356bd2d65688 (patch)
tree	264884219d800ade74a52cf354700288d0258430 /data
parent	2250fc7866c411cf87d9a5dca27cdeb00a179d9c (diff)