{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/490028#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nThe Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.\r\n\r\n### Description\r\nThe Microsoft Windows Netlogon Remote Protocol (MS-NRPC) is a core authentication component of Active Directory that provides authentication for user and computer accounts. MS-NRPC uses [an initialization vector (IV) of 0 (zero)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/13db7494-6d2c-4448-be8f-cb5ba03e95d6) in AES-CFB8 mode when authenticating computer accounts.\r\n\r\n[*Zerologon: Unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)*](https://www.secura.com/pathtoimg.php?id=2055) describes how this cryptographic failure allows a trivial statistical attack on the MS-NRPC authentication handshake:\r\n\r\n>The ComputeNetlogonCredential function, however, defines that this IV is fixed and should always consist of 16 zero bytes. This violates the requirements for using AES-CFB8 securely: its security properties only hold when IVs are random.\r\n>\r\n>...\r\n>\r\n>When encrypting a message consisting only of zeroes, with an all-zero IV, there is a 1 in 256 chance that the output will only contain zeroes as well.\r\n\r\nBy choosing a client challenge and ClientCredential of all zeros, an attacker has a 1 in 256 chance of successfully authenticating as any domain-joined computer. By impersonating a domain controller, an attacker can take additional steps to change a computer's Active Directory password ([Exploit step 4: changing a computer’s AD password](https://www.secura.com/pathtoimg.php?id=2055)) and potentially gain domain administrator privileges ([Exploit step 5: from password change to domain admin](https://www.secura.com/pathtoimg.php?id=2055)).\r\n\r\nBecause Samba has implemented the MS-NRPC protocol as it has been designed by Microsoft, Samba domain controllers are also affected by this vulnerability.\r\n\r\n### Impact\r\nAn unauthenticated attacker with network access to a domain controller can impersonate any domain-joined computer, including a domain controller. Among other actions, the attacker can set an empty password for the domain controller's Active Directory computer account, causing a denial of service, and potentially allowing the attacker to gain domain administrator privileges.\r\n\r\nThe compromise of Active Directory infrastructure is likely a significant and costly impact.\r\n\r\n### Solution\r\n\r\n#### Apply an update\r\nOn August 11, 2020, Microsoft issued [an advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472) that provides updates for this vulnerability.\r\n\r\n#### Enable secure RPC enforcement mode\r\nThe August 2020 updates for CVE-2020-1472 include changes to domain controllers that can optionally be enabled to [require secure RPC](https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc) for Netlogon secure channel connections. The changes to require secure RPC must be made to receive the most complete protection from this vulnerability. For systems that have the August 2020 update for CVE-2020-1472, enabling secure RPC [enforcement mode](https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#EnforcementMode) will change domain controller behavior to require Netlogon secure channel connections using secure [MS-NRPC](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f). This change to enable enforcement mode will be deployed automatically on or after February 9, 2021.\r\n\r\n### Acknowledgements\r\nMicrosoft acknowledges Tom Tervoort of Secura for reporting this vulnerability.\r\n\r\n This document was written by Eric Hatleback, Art Manion, and Will Dormann.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"Samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472 vulnerability, but supported versions are not impacted in the default configuration.\r\n\r\nSamba, like Microsoft, suggest that `\"server schannel = yes\"` must be set for secure operation. This is Samba's equivalent to Microsoft's `FullSecureChannelProtection=1` registry key.\r\n\r\nThe key difference between Samba and Microsoft Windows is that it's already enabled by default in all Samba major versions released since March 2018 (Samba 4.8 and later).\r\n\r\nThere seem to be some legacy software, which still requires `\"server schannel = auto\"`. Samba will soon add additional hardening that will allow administrators to use `\"server schannel = yes\"` globally and define exceptions only for specified computer accounts.\r\n\r\nSamba's progress can be monitored via this bug: https://bugzilla.samba.org/show_bug.cgi?id=14497","title":"Vendor statment from Samba"},{"category":"other","text":"Samba [requires secure Netlogon connections by default since version 4.8](https://wiki.samba.org/index.php/Samba_Security_Documentation#NETLOGON_Secure_Channel_.28Schannel.29). Versions of Samba prior to 4.8 are vulnerable by default. Samba versions 4.8 and later are vulnerable if they are configured to override the [server schannel](https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERSCHANNEL) default value to \"auto\" or \"no\".","title":"CERT/CC comment on Samba notes"},{"category":"other","text":"Only AD domain controller implementations are potentially at risk, as detailed in the linked paper. (DC server “NetLogon” functions are the attack surface for this vulnerability.) We do not implement a domain controller, therefore we are NOT VULNERABLE.\r\n \r\nWe are AFFECTED, because our AD clients will need adjustment to a world that fixes this vulnerability, however.  See https://www.illumos.org/issues/13169  It is now fixed in illumos upstream.","title":"Vendor statment from Illumos"},{"category":"other","text":"FreeBSD does not include support for MS-NRPC in the base system.  Users who install third-party software (e.g. Samba) from ports or packages may be affected.","title":"Vendor statment from FreeBSD Project"},{"category":"other","text":"HardenedBSD provides Samba as a third-party package, not installed by default.","title":"Vendor statment from HardenedBSD"},{"category":"other","text":"Only AD domain controller implementations are potentially at risk, as detailed in the linked paper. (DC server “NetLogon” functions are the attack surface for this vulnerability.) We do not implement a domain controller, therefore we are NOT VULNERABLE to the attack.\r\n\r\nWe are *AFFECTED* insofar as illumos SMB/CIFS clients will need to be adjusted to interoperate with DCs that address this vulnerability.\r\n\r\nhttps://www.illumos.org/issues/13169\r\n\r\nThis illumos issue has been fixed in upstream illumos.","title":"Vendor statment from Joyent"},{"category":"other","text":"Synology confirms the Synology Directory Server is affected and has published a security advisory Synology-SA-20:21 to respond to CVE-2020-1472.","title":"Vendor statment from Synology"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/490028"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","summary":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472"},{"url":"https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc","summary":"https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc"},{"url":"https://techcommunity.microsoft.com/t5/microsoft-365-defender/zerologon-is-now-detected-by-microsoft-defender-for-identity-cve/ba-p/1734034","summary":"https://techcommunity.microsoft.com/t5/microsoft-365-defender/zerologon-is-now-detected-by-microsoft-defender-for-identity-cve/ba-p/1734034"},{"url":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/13db7494-6d2c-4448-be8f-cb5ba03e95d6","summary":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/13db7494-6d2c-4448-be8f-cb5ba03e95d6"},{"url":"https://www.secura.com/pathtoimg.php?id=2055","summary":"https://www.secura.com/pathtoimg.php?id=2055"},{"url":"https://www.samba.org/samba/security/CVE-2020-1472.html","summary":"https://www.samba.org/samba/security/CVE-2020-1472.html"},{"url":"https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERSCHANNEL","summary":"https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERSCHANNEL"},{"url":"https://github.com/SecuraBV/CVE-2020-1472","summary":"https://github.com/SecuraBV/CVE-2020-1472"},{"url":"https://github.com/dirkjanm/CVE-2020-1472","summary":"https://github.com/dirkjanm/CVE-2020-1472"},{"url":"https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon","summary":"https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon"},{"url":"https://github.com/CERTCC/PoC-Exploits/tree/master/cve-2020-1472","summary":"https://github.com/CERTCC/PoC-Exploits/tree/master/cve-2020-1472"},{"url":"https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/","summary":"https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/"},{"url":"https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20200916","summary":"https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20200916"},{"url":"https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/","summary":"https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/"},{"url":"https://www.samba.org/samba/security/CVE-2020-1472.html","summary":"Reference(s) from vendor \"Samba\""},{"url":"https://bugzilla.samba.org/show_bug.cgi?id=14497","summary":"Reference(s) from vendor \"Samba\""},{"url":"https://lists.samba.org/archive/samba/2020-September/232011.html","summary":"Reference(s) from vendor \"Samba\""},{"url":"https://wiki.samba.org/index.php/Samba_Security_Documentation","summary":"Reference(s) from vendor \"Samba\""},{"url":"https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html","summary":"Reference(s) from vendor \"Samba\""},{"url":"https://help.univention.com/t/status-of-zerologon-cve-2020-1472-security-issue-in-ucs/16107","summary":"Reference(s) from vendor \"Univention\""},{"url":"https://forge.univention.org/bugzilla/show_bug.cgi?id=52041","summary":"Reference(s) from vendor \"Univention\""},{"url":"https://www.synology.com/security/advisory/Synology_SA_20_21","summary":"Reference(s) from vendor \"Synology\""},{"url":"https://www.synology.com/dsm/feature/active_directory","summary":"Reference(s) from vendor \"Synology\""},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","summary":"Reference(s) from vendor \"Microsoft\""},{"url":"https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc","summary":"Reference(s) from vendor \"Microsoft\""}],"title":"Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector","tracking":{"current_release_date":"2021-03-19T14:30:37+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#490028","initial_release_date":"2020-09-16 16:48:54.419828+00:00","revision_history":[{"date":"2021-03-19T14:30:37+00:00","number":"1.20210319143037.18","summary":"Released on 2021-03-19T14:30:37+00:00"}],"status":"final","version":"1.20210319143037.18"}},"vulnerabilities":[{"title":"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.","notes":[{"category":"summary","text":"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'."}],"cve":"CVE-2020-1472","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#490028"}],"references":[{"url":"https://www.secura.com/pathtoimg.php?id=2055","summary":"Only AD domain controller implementations are potentially at risk, as detailed in the linked paper. (DC server “NetLogon” functions are the attack surface for this vulnerability.) We do not implement a domain controller, therefore we are not vulnerable.","category":"external"}],"product_status":{"known_affected":["CSAFPID-1a523ff6-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5281a0-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a53972a-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a53c506-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a53f828-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5425b4-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a545ed0-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5489aa-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a54c7b2-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a551082-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a553b5c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a55888c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a55b62c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a55dce2-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a560d16-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a563bd8-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a566676-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a56a456-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a56d50c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a570e78-39ef-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-1a51f280-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a52cc32-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a532b64-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a537056-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a574f32-39ef-11f1-8422-122e2785dc9f"]}},{"title":"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.","notes":[{"category":"summary","text":"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'."}],"cve":"CVE-2020-1472","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#490028"}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","summary":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472","category":"external"},{"url":"https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc","summary":"https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc","category":"external"}],"product_status":{"known_affected":["CSAFPID-1a57de7a-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5811ce-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a583cbc-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a587dbc-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a58ba84-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a591236-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a594350-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a598b30-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a59b2b8-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a59d75c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5a0948-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5a4124-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5a7676-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5abb90-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5b157c-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5b4d94-39ef-11f1-8422-122e2785dc9f","CSAFPID-1a5bab36-39ef-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Joyent","product":{"name":"Joyent Products","product_id":"CSAFPID-1a51f280-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Google","product":{"name":"Google Products","product_id":"CSAFPID-1a523ff6-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"NetBSD","product":{"name":"NetBSD Products","product_id":"CSAFPID-1a5281a0-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"F5 Networks Inc.","product":{"name":"F5 Networks Inc. Products","product_id":"CSAFPID-1a52cc32-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Blackberry QNX","product":{"name":"Blackberry QNX Products","product_id":"CSAFPID-1a532b64-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"FreeBSD Project","product":{"name":"FreeBSD Project Products","product_id":"CSAFPID-1a537056-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Samba","product":{"name":"Samba Products","product_id":"CSAFPID-1a53972a-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-1a53c506-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-1a53f828-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ubuntu","product":{"name":"Ubuntu Products","product_id":"CSAFPID-1a5425b4-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Debian GNU/Linux","product":{"name":"Debian GNU/Linux Products","product_id":"CSAFPID-1a545ed0-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-1a5489aa-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"CentOS","product":{"name":"CentOS Products","product_id":"CSAFPID-1a54c7b2-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Slackware Linux Inc.","product":{"name":"Slackware Linux Inc. Products","product_id":"CSAFPID-1a551082-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-1a553b5c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Alpine Linux","product":{"name":"Alpine Linux Products","product_id":"CSAFPID-1a55888c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fedora Project","product":{"name":"Fedora Project Products","product_id":"CSAFPID-1a55b62c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Geexbox","product":{"name":"Geexbox Products","product_id":"CSAFPID-1a55dce2-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Micro Focus","product":{"name":"Micro Focus Products","product_id":"CSAFPID-1a560d16-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-1a563bd8-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Turbolinux","product":{"name":"Turbolinux Products","product_id":"CSAFPID-1a566676-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"HardenedBSD","product":{"name":"HardenedBSD Products","product_id":"CSAFPID-1a56a456-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-1a56d50c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Univention","product":{"name":"Univention Products","product_id":"CSAFPID-1a570e78-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Illumos","product":{"name":"Illumos Products","product_id":"CSAFPID-1a574f32-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Gentoo Linux","product":{"name":"Gentoo Linux Products","product_id":"CSAFPID-1a57de7a-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Ubuntu","product":{"name":"Ubuntu Products","product_id":"CSAFPID-1a5811ce-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Debian GNU/Linux","product":{"name":"Debian GNU/Linux Products","product_id":"CSAFPID-1a583cbc-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Arch Linux","product":{"name":"Arch Linux Products","product_id":"CSAFPID-1a587dbc-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"CentOS","product":{"name":"CentOS Products","product_id":"CSAFPID-1a58ba84-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Slackware Linux Inc.","product":{"name":"Slackware Linux Inc. Products","product_id":"CSAFPID-1a591236-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Red Hat","product":{"name":"Red Hat Products","product_id":"CSAFPID-1a594350-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Alpine Linux","product":{"name":"Alpine Linux Products","product_id":"CSAFPID-1a598b30-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Fedora Project","product":{"name":"Fedora Project Products","product_id":"CSAFPID-1a59b2b8-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Geexbox","product":{"name":"Geexbox Products","product_id":"CSAFPID-1a59d75c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Micro Focus","product":{"name":"Micro Focus Products","product_id":"CSAFPID-1a5a0948-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"SUSE Linux","product":{"name":"SUSE Linux Products","product_id":"CSAFPID-1a5a4124-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Turbolinux","product":{"name":"Turbolinux Products","product_id":"CSAFPID-1a5a7676-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Univention","product":{"name":"Univention Products","product_id":"CSAFPID-1a5abb90-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Synology","product":{"name":"Synology Products","product_id":"CSAFPID-1a5b157c-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Samba","product":{"name":"Samba Products","product_id":"CSAFPID-1a5b4d94-39ef-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-1a5bab36-39ef-11f1-8422-122e2785dc9f"}}]}}