Feature #11038
closed
SMB2 server should require signed Validate Negotiate requests
100%
Description
When both the client and server enable, but do not require, signing, the SMB server does not check signatures of signed requests, but signs responses to signed requests. If either the server or the client requires signing, the SMB server checks the signature of signed requests, and rejects unsigned ones. This is effective because SMB2's validate negotiate ioctl provides downgrade detection, as it replays the unsigned negotiate under a signed session.
The protocol requires that validate negotiate requests and replies ALWAYS be signed. However, the SMB2 server does not actually enforce this. As such, in a case where the client requires signing, but the server does not, a MITM can downgrade the server's understanding of the client's signing capabilities, and thus cause the server to never check signatures.
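A simplified model of the signing decision described above, added here as an illustration; it is not the illumos code or the fix from this issue. The function, enum and parameter names (sign_policy, sign_action, enforce_vneg) are hypothetical; the header offsets and constants are the ones defined in MS-SMB2.

```c
/* Added example; function and enum names are hypothetical, constants are from MS-SMB2. */
#include <stddef.h>
#include <stdint.h>

#define SMB2_HDR_SIZE       64          /* fixed SMB2 header length */
#define SMB2_CMD_IOCTL      0x000B      /* header Command value for IOCTL */
#define SMB2_FLAGS_SIGNED   0x00000008u /* header Flags bit: message is signed */
#define FSCTL_VALIDATE_NEGOTIATE_INFO 0x00140204u

enum sign_action { SIGN_SKIP, SIGN_VERIFY, SIGN_REJECT, SIGN_MALFORMED };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
        ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Is this an IOCTL whose CtlCode (body offset 4) is Validate Negotiate? */
static int is_validate_negotiate(const uint8_t *pkt, size_t len)
{
    if (len < SMB2_HDR_SIZE + 8 || le16(pkt + 12) != SMB2_CMD_IOCTL)
        return 0;
    return le32(pkt + SMB2_HDR_SIZE + 4) == FSCTL_VALIDATE_NEGOTIATE_INFO;
}

/* signing_required: server's negotiated view. enforce_vneg: 0 models the
 * behaviour in the description, 1 the behaviour the issue asks for. */
enum sign_action sign_policy(const uint8_t *pkt, size_t len,
    int signing_required, int enforce_vneg)
{
    if (len < SMB2_HDR_SIZE || le32(pkt) != 0x424D53FEu) /* 0xFE 'S' 'M' 'B' */
        return SIGN_MALFORMED;
    int is_signed = (le32(pkt + 16) & SMB2_FLAGS_SIGNED) != 0;

    /* Must not depend on signing_required, which a MITM may have downgraded. */
    if (enforce_vneg && is_validate_negotiate(pkt, len))
        return is_signed ? SIGN_VERIFY : SIGN_REJECT;
    if (signing_required)
        return is_signed ? SIGN_VERIFY : SIGN_REJECT;
    return SIGN_SKIP;   /* enabled but not required: signature never checked */
}

int main(void)
{
    /* Constructed sample: unsigned Validate Negotiate ioctl request. */
    uint8_t pkt[72] = { 0xFE, 'S', 'M', 'B', 64, 0 };
    pkt[12] = SMB2_CMD_IOCTL; pkt[64] = 57;
    pkt[68] = 0x04; pkt[69] = 0x02; pkt[70] = 0x14;   /* CtlCode, little-endian */
    return sign_policy(pkt, sizeof (pkt), 0, 1) == SIGN_REJECT ? 0 : 1;
}
```

SIGN_VERIFY only means the signature has to be checked against the session key; the check itself is outside this sketch.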
Updated by Gordon Ross over 3 years ago
- Description updated (diff)
- Status changed from New to In Progress
Updated by Gordon Ross over 3 years ago
Fix is out for review as part of this PR:
https://github.com/illumos/illumos-gate/pull/68
Updated by Electric Monk over 3 years ago
- % Done changed from 0 to 100
- Status changed from In Progress to Closed
git commit 4ad35fa3117b4f36004f76885e267a46c738a794
commit 4ad35fa3117b4f36004f76885e267a46c738a794
Author: Matt Barden <matt.barden@nexenta.com>
Date: 2019-11-14T14:23:07.000Z

    11038 SMB2 server should require signed Validate Negotiate requests
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Reviewed by: Evan Layton <evan.layton@nexenta.com>
    Reviewed by: Andrew Stormont <astormont@racktopsystems.com>
    Approved by: Garrett D'Amore <garrett@damore.org>