svn commit: samba-web r1144 - in trunk: . history security

jerry at samba.org jerry at samba.org
Tue Sep 11 13:34:37 GMT 2007


Author: jerry
Date: 2007-09-11 13:34:35 +0000 (Tue, 11 Sep 2007)
New Revision: 1144

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1144

Log:
release announcements
Added:
   trunk/history/samba-3.0.26a.html
   trunk/security/CVE-2007-4138.html
Modified:
   trunk/history/security.html
   trunk/index.html


Changeset:
Added: trunk/history/samba-3.0.26a.html
===================================================================
--- trunk/history/samba-3.0.26a.html	2007-09-05 18:03:05 UTC (rev 1143)
+++ trunk/history/samba-3.0.26a.html	2007-09-11 13:34:35 UTC (rev 1144)
@@ -0,0 +1,91 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+   <H2>Samba 3.0.26a Available for Download</H2>
+
+<p>
+<pre>
+                   ===============================
+                   Release Notes for Samba 3.0.26a
+                             Sep 11, 2007
+                   ===============================
+
+This is a bug fix release of the Samba 3.0.26 code base and is the 
+version that servers should be run for for all current bug Samba 3.0.x
+fixes.  
+
+Major bug fixes included in Samba 3.0.26a are:
+
+  o Memory leaks in Winbind's IDMap manager.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.26
+--------------------
+
+o   Michael Adam <obnox at samba.org>
+    * Fix read_sock() semantics in wb_common.c to address &quot;invalid
+      request size&quot; errors in winbindd logs.
+    * Fix use of pwrite() in tdb IO code paths.
+
+     
+o   Jeremy Allison <jra at samba.org>
+    * Fix logic error in timeout of blocking lock processing.
+
+
+o   Guenther Deschner <gd at samba.org>
+    * Fix error code in the msrpc EnumerateDomainGroups() Winbind
+      method when a memory allocation fails.
+    * Fix Winbind initialization storms when contacting an older Samba
+    DC.
+
+    
+o   Volker Lendecke <vl at samba.org>
+    * Fix compile failure in NFSv4 VFS module.
+    * Fix compile failures on True64.
+    * Fix compile failure in unmaintained python bindings.
+    * BUG 4917: Fix memory leaks in Winbind's idmap_ldap and
+      idmap_cache backends.
+    * Coverity fixes in the group mapping code.
+
+
+o   Derrell Lipman <derrell at samba.org>
+    * Remove NetBIOS keepalives from libsmbclient and consolidate on
+      the use of getpeername() when checking connection health.
+    * Use formal syntax for invoking function pointers in
+      libsmbclient.
+
+
+o   Lars Mueller <lars at samba.org>
+    * Fixes for Winbind's AD site support when the host is not
+      configured in any site or nor DC's are present within the host's
+      configured site.
+
+
+o   Simo Sorce <idra at samba.org>
+    * Debian packaging updates for 3.0.25c.
+    * Add sanity checks for &quot;smb ports&quot; values.
+    * Fix compile issues related to the VFS &quot;open&quot; method and newer
+      glibc implementations.
+    * Fix a segv in smbldap_set_creds() when using an anonymous
+      connection.
+    * BUG 4772: Fix us of ldap_base_dn for the idmap_ldap plugin.
+</pre>
+
+<p>Please refer to the original <a href="/samba/history/samba-3.0.25c.html">Samba
+3.0.25c Release Notes</a> for more details regarding changes in
+previous releases.  Also note that Samba 3.0.26 was a security release
+to address <a href="/samba/security/CVE-2007-4138.html">CVE-2007-4138</a>.</p> 
+</body>
+</html>
+
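
Review bot: In the `<pre>` block the contributor addresses such as `<obnox at samba.org>` and `<jra at samba.org>` use raw angle brackets, while the quotes in the same block are escaped as `&quot;`. A browser will parse these as unknown tags and drop the addresses from the rendered page, so they should be written with `&lt;` and `&gt;`. The opening sentence "version that servers should be run for for all current bug Samba 3.0.x fixes" is also scrambled; the wording used in index.html in this commit ("the version that servers should run for all current Samba 3.0 bug fixes") could be reused. The `<p>` opened just before `<pre>` is never closed.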


Property changes on: trunk/history/samba-3.0.26a.html
___________________________________________________________________
Name: svn:executable
   + *
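
Review bot: `svn:executable` is set on trunk/history/samba-3.0.26a.html, which is a static HTML page; the other file added in this commit, trunk/security/CVE-2007-4138.html, carries no such property. Suggest removing it with `svn propdel svn:executable` so that web content is not checked out with the execute bit set.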

Modified: trunk/history/security.html
===================================================================
--- trunk/history/security.html	2007-09-05 18:03:05 UTC (rev 1143)
+++ trunk/history/security.html	2007-09-11 13:34:35 UTC (rev 1144)
@@ -22,6 +22,15 @@
       </tr>
 
     <tr>
+        <td>11 Sep 2007</td>
+        <td><a href="/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch">patch for Samba 3.0.25</a></td>
+        <td>Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin.</td>
+        <td>Samba 3.0.25 - 3.0.25c</td>
+        <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138">CVE-2007-4138</a></td>
+        <td><a href="/samba/security/CVE-2007-4138.html">Announcement</a></td>
+    </tr>
+
+    <tr>
         <td>14 May 2007</td>
         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447_v2.patch">patch for Samba 3.0.24</a></td>
         <td>Remote Command Injection Vulnerability (Updated June 5 to include missing &quot;c&quot; character from INCLUDE list).</td>
@@ -30,6 +39,7 @@
         <td><a href="/samba/security/CVE-2007-2447.html">Announcement</a></td>
     </tr>
 
+    <tr>
         <td>14 May 2007</td>
         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446_v2.patch">patch for Samba 3.0.24</a></td>
         <td>Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code).</td>
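
Review bot: The `<tr>` added ahead of the CVE-2007-2446 row (and the one added ahead of the CVE-2007-2444 row in the next hunk) repairs rows that previously began with `<td>` straight after a `</tr>`, which is unrelated to the "release announcements" log message. Suggest mentioning the markup fix in the log, and running the file through a validator, since two rows in a row had the same defect and others outside the visible context may too.
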
@@ -38,6 +48,7 @@
         <td><a href="/samba/security/CVE-2007-2446.html">Announcement</a></td>
     </tr>
 
+    <tr>
         <td>14 May 2007</td>
         <td><a href="/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444_v2.patch">patch for Samba 3.0.24</a></td>
         <td>Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the &quot;force group&quot; parameter).</td>

Modified: trunk/index.html
===================================================================
--- trunk/index.html	2007-09-05 18:03:05 UTC (rev 1143)
+++ trunk/index.html	2007-09-11 13:34:35 UTC (rev 1144)
@@ -19,6 +19,27 @@
 
     <h2>Current Release</h2>
 
+    <h4><a name="latest">11 Sep 2007</a></h4>
+    <p class="headline">Samba 3.0.26 and Samba 3.0.26a Available for Download</p>
+
+    <p>Samba 3.0.26 and Samba 3.0.26a are now available for download.
+       Samba 3.0.26 is a security release to address <a href="/samba/security/CVE-2007-4138.html">CVE-2007-4138</a>.
+       Samba 3.0.26a is the latest bug fix release for the Samba 3.0.26
+       code base and is the version that servers should run for all 
+       current Samba 3.0 bug fixes.  Please review the <a 
+       href="/samba/history/samba-3.0.26a.html">Release Notes</a> for a
+       complete of list of changes.</p>
+
+    <p>The <a href="/samba/ftp/stable/samba-3.0.26.tar.gz">Samba 3.0.26</a>
+       and <a href="/samba/ftp/samba-3.0.26a.tar.gz">Samba 3.0.26a</a> 
+       source code can be downloaded now.  
+       If you prefer, the <a href="/samba/ftp/patches/">patch 
+       files against previous releases</a> are also available for download.   
+       Please read these <a href="/samba/download/">instructions on  
+       how to verify the gpg signature</a>.  Precompiled packages will
+       be made available on a volunteer basis and can be found in the 
+       <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
+
     <h4>4 September 2007</h4>
     <p class="headline">Samba 4.0.0 alpha1 Available for Download</p> 
 
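
Review bot: The two tarball links in the second added paragraph point at different directories, `/samba/ftp/stable/samba-3.0.26.tar.gz` versus `/samba/ftp/samba-3.0.26a.tar.gz`. Please confirm that both paths resolve, or use one location for both. The phrase "complete of list of changes" in the first added paragraph should read "complete list of changes".
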
@@ -42,36 +63,6 @@
     <a href="/samba/ftp/samba4/samba-4.0.0alpha1.tar.gz">downloaded now</a>.</p>
 
 
-    <h4><a name="latest">20 Aug 2007</a></h4>
-    <p class="headline">Samba 3.0.25c Available for Download</p>
-
-    <p>Samba 3.0.25c is now available for download.  
-       This is the latest production release of the Samba 3.0.25 code 
-       base and is the version that servers should be running for all 
-       current bug fixes.</p>
-
-    <p>The 3.0.25 release series is an upgrade release over the 3.0.23/3.0.24 
-       releases which means that a substantial amount of development has 
-       occurred and many new features have been added since the last
-       Samba production release.  Please review the <a 
-       href="/samba/history/samba-3.0.25c.html">Release Notes</a> for a
-       complete of list of changes.</p>
-
-    <p>The <a href="/samba/ftp/samba-3.0.25c.tar.gz">Samba 3.0.25c
-       source code</a> can be downloaded now.  The <a
-       href="/samba/ftp/samba-3.0.25c.tar.asc">GnuPG
-       signature is for the <em>un</em>compressed tarball</a>.  
-       If you prefer, the <a
-       href="/samba/ftp/patch-3.0.25b-3.0.25c.diffs.gz">patch 
-       file against Samba 3.0.25b</a> 
-       (<a href="/samba/ftp/patch-3.0.25b-3.0.25c.diffs.asc">GnuPG 
-       signature</a>) is also available for download.   
-       Please read these <a href="/samba/download/">instructions on  
-       how to verify the gpg signature</a>.  Precompiled packages will
-       be made available on a volunteer basis and can be found in the 
-       <a href="/samba/ftp/Binary_Packages/">Binary_Packages download area</a>.</p>
-
-
     <div class="plugs">
       <a href="/samba/team/tshirt.html"><img src="/samba/images/t-small.jpg"
 alt="Samba t-shirt" /></a>
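
Review bot: The removed 3.0.25c block linked directly to the `.asc` GnuPG signatures and stated that the signature is for the uncompressed tarball, while the 3.0.26/3.0.26a text that replaces it keeps only the link to the general verification instructions. Suggest adding signature links for both new tarballs, and keeping the note about the uncompressed tarball if it still applies, so that readers can verify a security release without hunting for the signature files.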

Added: trunk/security/CVE-2007-4138.html
===================================================================
--- trunk/security/CVE-2007-4138.html	2007-09-05 18:03:05 UTC (rev 1143)
+++ trunk/security/CVE-2007-4138.html	2007-09-11 13:34:35 UTC (rev 1144)
@@ -0,0 +1,107 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2007-4138: Incorrect primary group assignment domain users
+   using the rfc2307 or sfu winbind nss info plugin</H2>
+
+<p>
+<pre>
+==========================================================
+==
+== Subject:     Incorrect primary group assignment for
+==              domain users using the rfc2307 or sfu
+==              winbind nss info plugin.
+==
+== CVE ID#:     CVE-2007-4138
+==
+== Versions:    Samba 3.0.25 - 3.0.25c (inclusive)
+==
+== Summary:     When the &quot;winbind nss info&quot; parameter in
+==              smb.conf is set to either &quot;sfu&quot; or &quot;rfc2307&quot;,
+==              Windows users are incorrectly assigned
+==              a primary gid of 0 in the absence of the
+==              RFC2307 or Services or Unix (SFU) primary
+==              group attributes.
+==
+==========================================================
+
+===========
+Description
+===========
+
+The idmap_ad.so library provides an nss_info extension to Winbind
+for retrieving a user's home directory path, login shell and
+primary group id from an Active Directory domain controller.  This
+functionality is enabled by defining the &quot;winbind nss info&quot;
+smb.conf option to either &quot;sfu&quot; or &quot;rfc2307&quot;.
+
+Both the Windows &quot;Identity Management for Unix&quot; and &quot;Services for
+Unix&quot; MMC plug-ins allow a user to be assigned a primary group
+for Unix clients that differs from the user's Windows primary group.
+When the rfc2307 or sfu nss_info plugin has been enabled, in
+the absence of either the RFC2307 or SFU primary group attribute,
+Winbind will assign a primary group ID of 0 to the domain user
+queried using the getpwnam() C library call.
+
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+http://www.samba.org/samba/security/
+
+Additionally, Samba 3.0.26 has been issued as a security
+release to correct the defect.
+
+
+==========
+Workaround
+==========
+
+Samba and Active Directory administrators may avoid this security
+issue by two methods:
+
+(a) Ensure that all user's stored in AD are properly assigned a
+    Unix primary group, or
+(b) Discontinue use of the sfu or rfc2307 &quot;winbind nss info&quot; plugin
+    until a patched version of the idmap_ad.so library can be
+    installed.
+
+Note that the problem is only evident on servers using the sfu
+or rfc2307 &quot;winbind nss info&quot; plugin and not those only making
+use of Winbind's idmap_ad IDMap backend interface.
+
+
+=======
+Credits
+=======
+
+This vulnerability was reported to Samba developers by Rick King
+as Samba Bug #4927.
+
+The time line is as follows:
+
+* Aug 29, 2007: Initial report from Rick King.
+* Aug 29, 2007: First response from Samba developers confirming
+  the bug along with a proposed patch.
+* Sep 4, 2007: Announcement to vendor-sec mailing list.
+* Sep 11, 2007: Public security advisory made available.
+
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
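
Review bot: The `<H2>` title reads "Incorrect primary group assignment domain users", dropping the "for" that the Subject line in the body has. The Summary also says "Services or Unix (SFU)" where "Services for Unix" is meant, and workaround (a) has "all user's". Advisory text tends to be copied verbatim, so these are worth fixing before publication. The Description states that a primary group ID of 0 is assigned but never says what that means for the affected user; one sentence on impact would help administrators triage. The `<p>` opened before `<pre>` is never closed.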


