[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Mar 13 09:16:41 UTC 2018
The branch, master has been updated
via 52725a6 Fix typos.
via 6aa8ada Advisory CVE-2018-1057: Add latest changes from Andrew.
via ae45dc4 Add Samba 4.7.6, 4.6.14 and 4.5.16.
from eb22034 team: Update URL for my home page
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 52725a68c9b15a1ccfb598b912a611f0671d3d1d
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Mar 13 10:07:29 2018 +0100
Fix typos.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 6aa8ada977d0f13622bca3e36e904036476c6935
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Mar 13 09:41:18 2018 +0100
Advisory CVE-2018-1057: Add latest changes from Andrew.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit ae45dc43e49ad36c62b55471d1a4894888b2201a
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Mar 13 08:22:44 2018 +0100
Add Samba 4.7.6, 4.6.14 and 4.5.16.
Add security advisories and update sec site.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 3 +
history/samba-4.5.16.html | 75 +++++++++++++++++++
history/samba-4.6.14.html | 75 +++++++++++++++++++
history/samba-4.7.6.html | 75 +++++++++++++++++++
history/security.html | 19 +++++
posted_news/20180313-072335.4.7.6.body.html | 24 ++++++
posted_news/20180313-072335.4.7.6.headline.html | 3 +
security/CVE-2018-1050.html | 75 +++++++++++++++++++
security/CVE-2018-1057.html | 98 +++++++++++++++++++++++++
9 files changed, 447 insertions(+)
create mode 100644 history/samba-4.5.16.html
create mode 100644 history/samba-4.6.14.html
create mode 100644 history/samba-4.7.6.html
create mode 100644 posted_news/20180313-072335.4.7.6.body.html
create mode 100644 posted_news/20180313-072335.4.7.6.headline.html
create mode 100644 security/CVE-2018-1050.html
create mode 100644 security/CVE-2018-1057.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index fadbcd2..7215d25 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,12 +9,14 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.7.6.html">samba-4.7.6</a></li>
<li><a href="samba-4.7.5.html">samba-4.7.5</a></li>
<li><a href="samba-4.7.4.html">samba-4.7.4</a></li>
<li><a href="samba-4.7.3.html">samba-4.7.3</a></li>
<li><a href="samba-4.7.2.html">samba-4.7.2</a></li>
<li><a href="samba-4.7.1.html">samba-4.7.1</a></li>
<li><a href="samba-4.7.0.html">samba-4.7.0</a></li>
+ <li><a href="samba-4.6.14.html">samba-4.6.14</a></li>
<li><a href="samba-4.6.13.html">samba-4.6.13</a></li>
<li><a href="samba-4.6.12.html">samba-4.6.12</a></li>
<li><a href="samba-4.6.11.html">samba-4.6.11</a></li>
@@ -29,6 +31,7 @@
<li><a href="samba-4.6.2.html">samba-4.6.2</a></li>
<li><a href="samba-4.6.1.html">samba-4.6.1</a></li>
<li><a href="samba-4.6.0.html">samba-4.6.0</a></li>
+ <li><a href="samba-4.5.16.html">samba-4.5.16</a></li>
<li><a href="samba-4.5.15.html">samba-4.5.15</a></li>
<li><a href="samba-4.5.14.html">samba-4.5.14</a></li>
<li><a href="samba-4.5.13.html">samba-4.5.13</a></li>
diff --git a/history/samba-4.5.16.html b/history/samba-4.5.16.html
new file mode 100644
index 0000000..5251b3d
--- /dev/null
+++ b/history/samba-4.5.16.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.5.16 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.5.16 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.16.tar.gz">Samba 4.5.16 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.5.16.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.15-4.5.16.diffs.gz">Patch (gzipped) against Samba 4.5.15</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.5.15-4.5.16.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.5.16
+ March 13, 2018
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1050 (Denial of Service Attack on external print server.)
+o CVE-2018-1057 (Authenticated users can change other users' password.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1050:
+ All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
+ service attack when the RPC spoolss service is configured to be run as
+ an external daemon. Missing input sanitization checks on some of the
+ input parameters to spoolss RPC calls could cause the print spooler
+ service to crash.
+
+ There is no known vulnerability associated with this error, merely a
+ denial of service. If the RPC spoolss service is left by default as an
+ internal service, all a client can do is crash its own authenticated
+ connection.
+
+o CVE-2018-1057:
+ On a Samba 4 AD DC the LDAP server in all versions of Samba from
+ 4.0.0 onwards incorrectly validates permissions to modify passwords
+ over LDAP allowing authenticated users to change any other users'
+ passwords, including administrative users.
+
+ Possible workarounds are described at a dedicated page in the Samba wiki:
+ https://wiki.samba.org/index.php/CVE-2018-1057
+
+
+Changes since 4.5.15:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.6.14.html b/history/samba-4.6.14.html
new file mode 100644
index 0000000..da41784
--- /dev/null
+++ b/history/samba-4.6.14.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.6.14 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.6.14 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.14.tar.gz">Samba 4.6.14 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.14.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.13-4.6.14.diffs.gz">Patch (gzipped) against Samba 4.6.13</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.13-4.6.14.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.6.14
+ March 13, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1050 (Denial of Service Attack on external print server.)
+o CVE-2018-1057 (Authenticated users can change other users' password.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1050:
+ All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
+ service attack when the RPC spoolss service is configured to be run as
+ an external daemon. Missing input sanitization checks on some of the
+ input parameters to spoolss RPC calls could cause the print spooler
+ service to crash.
+
+ There is no known vulnerability associated with this error, merely a
+ denial of service. If the RPC spoolss service is left by default as an
+ internal service, all a client can do is crash its own authenticated
+ connection.
+
+o CVE-2018-1057:
+ On a Samba 4 AD DC the LDAP server in all versions of Samba from
+ 4.0.0 onwards incorrectly validates permissions to modify passwords
+ over LDAP allowing authenticated users to change any other users'
+ passwords, including administrative users.
+
+ Possible workarounds are described at a dedicated page in the Samba wiki:
+ https://wiki.samba.org/index.php/CVE-2018-1057
+
+
+Changes since 4.6.12:
+---------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.7.6.html b/history/samba-4.7.6.html
new file mode 100644
index 0000000..d6eae24
--- /dev/null
+++ b/history/samba-4.7.6.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.7.6 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.7.6 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.6.tar.gz">Samba 4.7.6 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.6.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.5-4.7.6.diffs.gz">Patch (gzipped) against Samba 4.7.5</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.5-4.7.6.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.7.6
+ March 13, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1050 (Denial of Service Attack on external print server.)
+o CVE-2018-1057 (Authenticated users can change other users' password.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1050:
+ All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
+ service attack when the RPC spoolss service is configured to be run as
+ an external daemon. Missing input sanitization checks on some of the
+ input parameters to spoolss RPC calls could cause the print spooler
+ service to crash.
+
+ There is no known vulnerability associated with this error, merely a
+ denial of service. If the RPC spoolss service is left by default as an
+ internal service, all a client can do is crash its own authenticated
+ connection.
+
+o CVE-2018-1057:
+ On a Samba 4 AD DC the LDAP server in all versions of Samba from
+ 4.0.0 onwards incorrectly validates permissions to modify passwords
+ over LDAP allowing authenticated users to change any other users'
+ passwords, including administrative users.
+
+ Possible workarounds are described at a dedicated page in the Samba wiki:
+ https://wiki.samba.org/index.php/CVE-2018-1057
+
+
+Changes since 4.7.5:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
+ password.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 79958ea..d81359a 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,25 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>13 Mar 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.7.5-security-2018-03-13.patch">
+ patch for Samba 4.7.5</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.6.13-security-2018-03-13.patch">
+ patch for Samba 4.6.13</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.5.15-security-2018-03-13.patch">
+ patch for Samba 4.5.15</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1050">CVE-2018-1050</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1057">CVE-2018-1057</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-1050.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1057.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
<td>21 Nov 2017</td>
<td><a href="/samba/ftp/patches/security/samba-4.7.2-security-2017-11-21.patch">
patch for Samba 4.7.2</a><br />
diff --git a/posted_news/20180313-072335.4.7.6.body.html b/posted_news/20180313-072335.4.7.6.body.html
new file mode 100644
index 0000000..b18d328
--- /dev/null
+++ b/posted_news/20180313-072335.4.7.6.body.html
@@ -0,0 +1,24 @@
+<!-- BEGIN: posted_news/20180313-072335.4.7.6.body.html -->
+<h5><a name="4.7.6">13 March 2018</a></h5>
+<p class=headline>Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2018-1050.html">CVE-2018-1050</a>
+(Denial of Service Attack on external print server) and <a href="/samba/security/CVE-2018-1057.html">CVE-2018-1057</a>
+ (Authenticated users can change other users' password).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).<br>
+The 4.7.6 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.7.6.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.7.5-4.7.6.diffs.gz">patch against Samba 4.7.5</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.7.6.html">the release notes for more info</a>.
+<br>
+The 4.6.14 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.14.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.13-4.6.14.diffs.gz">patch against Samba 4.6.13</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.6.14.html">the release notes for more info</a>.
+<br>
+The 4.5.16 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.5.16.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.5.15-4.5.16.diffs.gz">patch against Samba 4.5.15</a> is also available.
+See <a href="https://www.samba.org/samba/history/samba-4.5.16.html">the release notes for more info</a>.
+</p>
+<!-- END: posted_news/20180313-072335.4.7.6.body.html -->
diff --git a/posted_news/20180313-072335.4.7.6.headline.html b/posted_news/20180313-072335.4.7.6.headline.html
new file mode 100644
index 0000000..b55fd81
--- /dev/null
+++ b/posted_news/20180313-072335.4.7.6.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20180313-072335.4.7.6.headline.html -->
+<li> 13 March 2018 <a href="#4.7.6">Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download</a></li>
+<!-- END: posted_news/20180313-072335.4.7.6.headline.html -->
diff --git a/security/CVE-2018-1050.html b/security/CVE-2018-1050.html
new file mode 100644
index 0000000..549fab9
--- /dev/null
+++ b/security/CVE-2018-1050.html
@@ -0,0 +1,75 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-1050.html
+
+<p>
+<pre>
+====================================================================
+== Subject: Denial of Service Attack on external print server.
+==
+== CVE ID#: CVE-2018-1050
+==
+== Versions: All versions of Samba from 4.0.0 onwards.
+==
+== Summary: Missing null pointer checks may crash the external
+== print server process.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
+service attack when the RPC spoolss service is configured to be run as
+an external daemon. Missing input sanitization checks on some of the
+input parameters to spoolss RPC calls could cause the print spooler
+service to crash.
+
+There is no known vulnerability associated with this error, merely a
+denial of service. If the RPC spoolss service is left by default as an
+internal service, all a client can do is crash its own authenticated
+connection.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 4.7.6, 4.6.14 and 4.5.16 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Ensure the parameter:
+
+rpc_server:spoolss = external
+
+is not set in the [global] section of your smb.conf.
+
+=======
+Credits
+=======
+
+This problem was found by the Synopsys Defensics intelligent fuzz
+testing tool. Jeremy Allison of Google and the Samba Team provided
+the fix.
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2018-1057.html b/security/CVE-2018-1057.html
new file mode 100644
index 0000000..a030602
--- /dev/null
+++ b/security/CVE-2018-1057.html
@@ -0,0 +1,98 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-1057.html
+
+<p>
+<pre>
+====================================================================
+== Subject: Authenticated users can change other users' password
+==
+== CVE ID#: CVE-2018-1057
+==
+== Versions: All versions of Samba from 4.0.0 onwards.
+==
+== Summary: On a Samba 4 AD DC any authenticated user can change
+== other users' passwords over LDAP, including the
+== passwords of administrative users and service
+== accounts.
+==
+====================================================================
+
+===========
+Description
+===========
+
+On a Samba 4 AD DC the LDAP server in all versions of Samba from
+4.0.0 onwards incorrectly validates permissions to modify passwords
+over LDAP allowing authenticated users to change any other users'
+passwords, including administrative users and privileged service
+accounts (eg Domain Controllers).
+
+The LDAP server incorrectly validates certain LDAP password
+modifications against the "Change Password" privilege, but then
+performs a password reset operation.
+
+The change password right in AD is an extended object access right
+with the GUID ab721a53-1e2f-11d0-9819-00aa0040529b.
+
+By default user objects grant the change password right to the
+authenticated user's own user object (self) and to everyone
+(world). Computer objects grant the change password right to
+everyone.
+
+The corresponding ACEs expressed in SDDL are
+
+self: (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)
+world: (OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+
+The components of these ACEs are
+
+OA: object access allowed
+CR: extended rights
+PS: trustee: self
+WD: trustee: world/everyone
+
+The problematic ACE is the one for world/everyone.
+
+The Windows GUI shows this as "Change password" right granted to
+"Everyone".
+
+==========
+Workaround
+==========
+
+Possible workarounds are described at a dedicated page in the Samba wiki:
+
+https://wiki.samba.org/index.php/CVE-2018-1057
--
Samba Website Repository
More information about the samba-cvs
mailing list