[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Apr 10 09:05:03 MDT 2012
The branch, master has been updated
via efcd238 Add security advisory for CVE-2012-1182.
via 1031806 Announce Samba 3.6.4, 3.5.14 and 3.4.16.
from 96e7213 Added Ira Cooper to Samba Team contacts.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit efcd238e39f03a89adebfc5a49e4df46753c4d62
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Apr 10 10:52:50 2012 +0200
Add security advisory for CVE-2012-1182.
Karolin
commit 10318063237d463ba4800fe0e6d50455a15a7eb5
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Apr 9 20:55:02 2012 +0200
Announce Samba 3.6.4, 3.5.14 and 3.4.16.
Karolin
-----------------------------------------------------------------------
Summary of changes:
generated_news/latest_10_bodies.html | 38 ++++++++----
generated_news/latest_10_headlines.html | 4 +-
generated_news/latest_2_bodies.html | 36 ++++++++---
history/header_history.html | 3 +
history/samba-3.4.16.html | 41 +++++++++++++
history/samba-3.5.14.html | 40 ++++++++++++
history/samba-3.6.4.html | 40 ++++++++++++
history/security.html | 20 ++++++
latest_stable_release.html | 6 +-
security/CVE-2012-1182.html | 99 +++++++++++++++++++++++++++++++
10 files changed, 302 insertions(+), 25 deletions(-)
create mode 100755 history/samba-3.4.16.html
create mode 100755 history/samba-3.5.14.html
create mode 100755 history/samba-3.6.4.html
create mode 100644 security/CVE-2012-1182.html
Changeset truncated at 500 lines:
diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html
index 667a083..47c51cf 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,30 @@
+ <h5><a name="3.6.4">10 April 2012</a></h5>
+ <p class="headline">Samba 3.6.4, 3.5.14 and 3.4.16 <b>Security Releases</b> Available for Download</p>
+ <p>These are security releases in order to address <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-1182">CVE-2012-1182 ("root" credential remote code execution)</a>.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).</p>
+<p>
+The source code can be downloaded here:
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.6.4.tar.gz">download Samba 3.6.4</a>,</li>
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.5.14.tar.gz">download Samba 3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.4.16.tar.gz">download Samba 3.4.16</a>.</li>
+</p>
+
+<p>
+Patches against the parents are also available:
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.6.3-3.6.4.diffs.gz">patch Samba 3.6.3/3.6.3</a>,</li>
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.5.13-3.5.14.diffs.gz">patch Samba 3.5.13/3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.4.15-3.4.16.diffs.gz">patch Samba 3.4.15/3.4.16</a>.</li>
+</p>
+
+<p>
+Please see the release notes for more info:
+<li><a href="http://samba.org/samba/history/samba-3.6.4.html">release notes Samba 3.6.4</a>,</li>
+<li><a href="http://samba.org/samba/history/samba-3.5.14.html">release notes Samba 3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/history/samba-3.4.16.html">release notes Samba 3.4.16</a>.</li>
+</p>
+
<h5><a name="SMB2.2 Interop Event">20 March 2012</a></h5>
<p class="headline">Report: Microsoft SMB2.2 Interop Event</p>
<p>A few Samba Team members recently accepted an invitation by Microsoft
@@ -74,14 +101,3 @@ now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-3.5.11-3.5.12.diffs
using GnuPG (ID 6568B7EA). The source code can be
<a href="http://samba.org/samba/ftp/stable/samba-3.6.1.tar.gz">downloaded
now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-3.6.0-3.6.1.diffs.gz">patch against Samba 3.6.0</a> is also available. See <a href="http://samba.org/samba/history/samba-3.6.1.html">the release notes for more info</a>.</p>
-
- <h5><a name="2011-snia-sdc-report">26 September 2011</a></h5>
- <p class="headline">2011 SNIA SDC Report</p>
- <p>Many Samba developers attended the recent
-<a href=http://www.storagedeveloper.org/>Storage Developers Conference</a>
-including our very own <a href=http://ubiqx.com/>Chris Hertel</a>. He was
-nice enough to write a comprehensive summary with some focus on
-<strong>SMB2.2</strong>.</p>
-
- <p>Are you curious about the
-<a href=/samba/news/developers/2011-snia-sdc-report.html>2011 SNIA SDC Report</a>?</p>
diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html
index e9af10b..eca78dd 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,6 @@
<ul>
+ <li> 10 April 2012 <a href="#3.6.4">Samba 3.6.4</a>, <a href="#3.5.14">3.5.14</a> and <a href="#3.4.16">3.4.16</a> <b>Security Releases</b> Available for Download.</li>
+
<li> 20 March 2012 <a href="/samba/news/developers/obnox-samba-team-visits-microsoft-for-smb2-2-interop-event.html">Report: Microsoft SMB2.2 Interop Event</a></li>
<li> 12 March 2012 <a href="#3.5.13">Samba 3.5.13 Available for Download</a></li>
@@ -16,6 +18,4 @@
<li> 26 October 2011 <a href="#3.5.12">Samba 3.5.12 Available for Download</a></li>
<li> 20 October 2011 <a href="#3.6.1">Samba 3.6.1 Available for Download</a></li>
-
- <li> 26 September 2011 <a href="/samba/news/developers/2011-snia-sdc-report.html">2011 SNIA SDC Report</a></li>
</ul>
diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html
index 3a9ba50..f0dbdc7 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,30 @@
+ <h5><a name="3.6.4">10 April 2012</a></h5>
+ <p class="headline">Samba 3.6.4, 3.5.14 and 3.4.16 <b>Security Releases</b> Available for Download</p>
+ <p>These are security releases in order to address <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-1182">CVE-2012-1182 ("root" credential remote code execution)</a>.</p>
+
+<p>The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).</p>
+<p>
+The source code can be downloaded here:
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.6.4.tar.gz">download Samba 3.6.4</a>,</li>
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.5.14.tar.gz">download Samba 3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/ftp/stable/samba-3.4.16.tar.gz">download Samba 3.4.16</a>.</li>
+</p>
+
+<p>
+Patches against the parents are also available:
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.6.3-3.6.4.diffs.gz">patch Samba 3.6.3/3.6.3</a>,</li>
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.5.13-3.5.14.diffs.gz">patch Samba 3.5.13/3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/ftp/patches/patch-3.4.15-3.4.16.diffs.gz">patch Samba 3.4.15/3.4.16</a>.</li>
+</p>
+
+<p>
+Please see the release notes for more info:
+<li><a href="http://samba.org/samba/history/samba-3.6.4.html">release notes Samba 3.6.4</a>,</li>
+<li><a href="http://samba.org/samba/history/samba-3.5.14.html">release notes Samba 3.5.14</a>,</li>
+<li><a href="http://samba.org/samba/history/samba-3.4.16.html">release notes Samba 3.4.16</a>.</li>
+</p>
+
<h5><a name="SMB2.2 Interop Event">20 March 2012</a></h5>
<p class="headline">Report: Microsoft SMB2.2 Interop Event</p>
<p>A few Samba Team members recently accepted an invitation by Microsoft
@@ -7,12 +34,3 @@
<p>If you are interested in this event and Samba's progress in the SMB2 area,
please read <a href="/samba/news/developers/obnox-samba-team-visits-microsoft-for-smb2-2-interop-event.html">Michael's full report</a>.</p>
-
- <h5><a name="3.5.13">12 March 2012</a></h5>
- <p class="headline">Samba 3.5.13 Available for Download</p>
- <p>This is the latest stable release of the Samba 3.5 series.</p>
-
-<p>The uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA). The source code can be
-<a href="http://samba.org/samba/ftp/stable/samba-3.5.13.tar.gz">downloaded
-now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-3.5.12-3.5.13.diffs.gz">patch against Samba 3.5.12</a> is also available. See <a href="http://samba.org/samba/history/samba-3.5.13.html">the release notes for more info</a>.</p>
diff --git a/history/header_history.html b/history/header_history.html
index 472c0dc..f5e9bcc 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,10 +9,12 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-3.6.4.html">samba-3.6.4</a></li>
<li><a href="samba-3.6.3.html">samba-3.6.3</a></li>
<li><a href="samba-3.6.2.html">samba-3.6.2</a></li>
<li><a href="samba-3.6.1.html">samba-3.6.1</a></li>
<li><a href="samba-3.6.0.html">samba-3.6.0</a></li>
+ <li><a href="samba-3.5.14.html">samba-3.5.14</a></li>
<li><a href="samba-3.5.13.html">samba-3.5.13</a></li>
<li><a href="samba-3.5.12.html">samba-3.5.12</a></li>
<li><a href="samba-3.5.11.html">samba-3.5.11</a></li>
@@ -27,6 +29,7 @@
<li><a href="samba-3.5.2.html">samba-3.5.2</a></li>
<li><a href="samba-3.5.1.html">samba-3.5.1</a></li>
<li><a href="samba-3.5.0.html">samba-3.5.0</a></li>
+ <li><a href="samba-3.4.16.html">samba-3.4.16</a></li>
<li><a href="samba-3.4.15.html">samba-3.4.15</a></li>
<li><a href="samba-3.4.14.html">samba-3.4.14</a></li>
<li><a href="samba-3.4.13.html">samba-3.4.13</a></li>
diff --git a/history/samba-3.4.16.html b/history/samba-3.4.16.html
new file mode 100755
index 0000000..aaee971
--- /dev/null
+++ b/history/samba-3.4.16.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.4.16 Available for Download</H2>
+
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 3.4.16
+ April 10, 2011
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-1182 ("root" credential remote code execution).
+
+o CVE-2012-1182:
+ Samba 3.0.x to 3.6.3 are affected by a
+ vulnerability that allows remote code
+ execution as the "root" user.
+
+
+Changes since 3.4.15
+--------------------
+
+
+o Stefan Metzmacher <metze at samba.org>
+ *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
+ allocated array (CVE-2012-1182).
+</pre>
+</p>
+
+</body>
+</html>
diff --git a/history/samba-3.5.14.html b/history/samba-3.5.14.html
new file mode 100755
index 0000000..a6f1b52
--- /dev/null
+++ b/history/samba-3.5.14.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.5.14 Available for Download</H2>
+
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 3.5.14
+ April 10, 2012
+ ==============================
+
+
+This is a security release in order to address
+CVE-2012-1182 ("root" credential remote code execution).
+
+o CVE-2012-1182:
+ Samba 3.0.x to 3.6.3 are affected by a
+ vulnerability that allows remote code
+ execution as the "root" user.
+
+
+Changes since 3.5.13:
+---------------------
+
+
+o Stefan Metzmacher <metze at samba.org>
+ *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
+ allocated array (CVE-2012-1182).
+</pre>
+
+</body>
+</html>
diff --git a/history/samba-3.6.4.html b/history/samba-3.6.4.html
new file mode 100755
index 0000000..ceb7fa5
--- /dev/null
+++ b/history/samba-3.6.4.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Release Notes Archive</title>
+</head>
+
+<body>
+
+ <H2>Samba 3.6.4 Available for Download</H2>
+
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 3.6.4
+ April 10, 2012
+ =============================
+
+
+This is a security release in order to address
+CVE-2012-1182 ("root" credential remote code execution).
+
+o CVE-2012-1182:
+ Samba 3.0.x to 3.6.3 are affected by a
+ vulnerability that allows remote code
+ execution as the "root" user.
+
+
+Changes since 3.6.3:
+--------------------
+
+
+o Stefan Metzmacher <metze at samba.org>
+ *BUG 8815: PIDL based autogenerated code allows overwriting beyond of
+ allocated array (CVE-2012-1182).
+</pre>
+
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 4439835..cf2efcb 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,26 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>10 Apr 2012</td>
+ <td><a href="/samba/ftp/patches/security/samba-3.0.37-CVE-2012-1182.patch">
+ patch for Samba 3.0.37</a>
+ <a href="/samba/ftp/patches/security/samba-3.2.15-CVE-2012-1182.patch">
+ patch for Samba 3.2.15</a>
+ <a href="/samba/ftp/patches/security/samba-3.3.16-CVE-2012-1182.patch">
+ patch for Samba 3.3.16</a>
+ <a href="/samba/ftp/patches/security/samba-3.4.15-CVE-2012-1182.patch">
+ patch for Samba 3.4.15</a>
+ <a href="/samba/ftp/patches/security/samba-3.5.13-CVE-2012-1182.patch">
+ patch for Samba 3.5.13</a>
+ <a href="/samba/ftp/patches/security/samba-3.6.3-CVE-2012-1182.patch">
+ patch for Samba 3.6.3</a>
+ <td>"root" credential remote code execution</td>
+ <td>all current releases</td>
+ <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182">CVE-2012-1182</a></td>
+ <td><a href="/samba/security/CVE-2012-1182">Announcement</a></td>
+ </tr>
+
+ <tr>
<td>23 Feb 2012</td>
<td><a href="/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch">
patch for Samba 3.0</a>
diff --git a/latest_stable_release.html b/latest_stable_release.html
index 631f0c2..4fe9ed1 100644
--- a/latest_stable_release.html
+++ b/latest_stable_release.html
@@ -1,5 +1,5 @@
<p>
- <a href="/samba/ftp/stable/samba-3.6.3.tar.gz">Samba 3.6.3 (gzipped)</a><br>
- <a href="/samba/history/samba-3.6.3.html">Release Notes</a> ·
- <a href="/samba/ftp/stable/samba-3.6.3.tar.asc">Signature</a>
+ <a href="/samba/ftp/stable/samba-3.6.4.tar.gz">Samba 3.6.4 (gzipped)</a><br>
+ <a href="/samba/history/samba-3.6.4.html">Release Notes</a> ·
+ <a href="/samba/ftp/stable/samba-3.6.4.tar.asc">Signature</a>
</p>
diff --git a/security/CVE-2012-1182.html b/security/CVE-2012-1182.html
new file mode 100644
index 0000000..4aa1ca4
--- /dev/null
+++ b/security/CVE-2012-1182.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2012-1182:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject: "root" credential remote code execution.
+==
+== CVE ID#: CVE-2012-1182
+==
+== Versions: Samba 3.0.x - 3.6.3 (inclusive)
+==
+== Summary: Samba 3.0.x to 3.6.3 are affected by a
+== vulnerability that allows remote code
+== execution as the "root" user.
+==
+===========================================================
+
+===========
+Description
+===========
+
+Samba versions 3.6.3 and all versions previous to this are affected by
+a vulnerability that allows remote code execution as the "root" user
+from an anonymous connection.
+
+The code generator for Samba's remote procedure call (RPC) code
+contained an error which caused it to generate code containing a
+security flaw. This generated code is used in the parts of Samba that
+control marshalling and unmarshalling of RPC calls over the network.
+
+The flaw caused checks on the variable containing the length of an
+allocated array to be done independently from the checks on the
+variable used to allocate the memory for that array. As both these
+variables are controlled by the connecting client it makes it possible
+for a specially crafted RPC call to cause the server to execute
+arbitrary code.
+
+As this does not require an authenticated connection it is the most
+serious vulnerability possible in a program, and users and vendors are
+encouraged to patch their Samba installations immediately.
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue have been posted to:
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at:
+
+ http://samba.org/samba/patches/
+
+Samba administrators running affected versions are advised to upgrade
+to 3.6.4, 3.5.14, or 3.4.16 or apply these patches as soon as
+possible.
+
+Due to the seriousness of this vulnerability, patches have been
+released for all Samba versions currently out of support and
+maintenance from 3.0.37 onwards.
+
+
+==========
+Workaround
+==========
+
+Samba contains a "hosts allow" parameter that can be used inside
+smb.conf to restrict the clients allowed to connect to the server to a
+trusted list. This can be used to help mitigate the problem caused by
+this bug but it is by no means a real fix, as client addresses can be
+easily faked.
+
+
+=======
+Credits
+=======
+
+This vulnerability and proof of concept code was provided by Brian
+Gorenc as well as an anonymous researcher working with HP's Zero Day
+Initiative program. The Samba Team would like to thank them for
+reporting the problem and their cooperation in this matter.
+
+Patches were provided by Stefan Metzmacher of the Samba team, based on
+initial work by Volker Lendecke.
+</pre>
+</body>
+</html>
--
Samba Website Repository
More information about the samba-cvs
mailing list