[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Tue Sep 3 07:21:34 UTC 2019


The branch, master has been updated
       via  3dabb5a NEWS[4.10.8]: Samba 4.10.8 and 4.9.13 Security Releases Available
      from  f12bbb4 team: fix alphabetical order

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3dabb5a6ed01e8652863ee10d4c23e3cbfdd0b59
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Aug 27 13:19:37 2019 +0200

    NEWS[4.10.8]: Samba 4.10.8 and 4.9.13 Security Releases Available
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 history/header_history.html                      |   2 +
 history/samba-4.10.8.html                        |  57 +++++++++++
 history/samba-4.9.13.html                        |  57 +++++++++++
 history/security.html                            |  17 ++++
 posted_news/20190903-084511.4.10.8.body.html     |  23 +++++
 posted_news/20190903-084511.4.10.8.headline.html |   3 +
 security/CVE-2019-10197.html                     | 116 +++++++++++++++++++++++
 7 files changed, 275 insertions(+)
 create mode 100644 history/samba-4.10.8.html
 create mode 100644 history/samba-4.9.13.html
 create mode 100644 posted_news/20190903-084511.4.10.8.body.html
 create mode 100644 posted_news/20190903-084511.4.10.8.headline.html
 create mode 100644 security/CVE-2019-10197.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 614ffe8..cd921ff 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
 		<li><a href="/samba/history/">Release Notes</a>
 		<li class="navSub">
 			<ul>
+			<li><a href="samba-4.10.8.html">samba-4.10.8</a></li>
 			<li><a href="samba-4.10.7.html">samba-4.10.7</a></li>
 			<li><a href="samba-4.10.6.html">samba-4.10.6</a></li>
 			<li><a href="samba-4.10.5.html">samba-4.10.5</a></li>
@@ -17,6 +18,7 @@
 			<li><a href="samba-4.10.2.html">samba-4.10.2</a></li>
 			<li><a href="samba-4.10.1.html">samba-4.10.1</a></li>
 			<li><a href="samba-4.10.0.html">samba-4.10.0</a></li>
+			<li><a href="samba-4.9.13.html">samba-4.9.13</a></li>
 			<li><a href="samba-4.9.12.html">samba-4.9.12</a></li>
 			<li><a href="samba-4.9.11.html">samba-4.9.11</a></li>
 			<li><a href="samba-4.9.10.html">samba-4.9.10</a></li>
diff --git a/history/samba-4.10.8.html b/history/samba-4.10.8.html
new file mode 100644
index 0000000..2f80977
--- /dev/null
+++ b/history/samba-4.10.8.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.10.8 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.10.8 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.8.tar.gz">Samba 4.10.8 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.10.8.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.7-4.10.8.diffs.gz">Patch (gzipped) against Samba 4.10.7</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.10.7-4.10.8.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.10.8
+                          September 3, 2019
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o  CVE-2019-10197: Combination of parameters and permissions can allow user
+                   to escape from the share path definition.
+
+=======
+Details
+=======
+
+o  CVE-2019-10197:
+   Under certain parameter configurations, when an SMB client accesses a network
+   share and the user does not have permission to access the share root
+   directory, it is possible for the user to escape from the share to see the
+   complete '/' filesystem. Unix permission checks in the kernel are still
+   enforced.
+
+
+Changes since 4.10.7:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+     from the share.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+     from the share.
+
+
+</pre>
+</p>
+</body>
+</html>
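Review bot: The Details paragraph says only "Under certain parameter configurations" and never names them or links to the advisory, so an administrator reading this page cannot tell whether a given smb.conf is exposed. The advisory added in this same commit names the trigger ('wide links' explicitly set to 'yes' together with 'unix extensions = no' or 'allow insecure wide links = yes'); either repeat that sentence here or link to /samba/security/CVE-2019-10197.html from the CVE line.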
diff --git a/history/samba-4.9.13.html b/history/samba-4.9.13.html
new file mode 100644
index 0000000..58bb775
--- /dev/null
+++ b/history/samba-4.9.13.html
@@ -0,0 +1,57 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.9.13 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.9.13 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.13.tar.gz">Samba 4.9.13 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.9.13.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.12-4.9.13.diffs.gz">Patch (gzipped) against Samba 4.9.12</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.9.12-4.9.13.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+                   ==============================
+                   Release Notes for Samba 4.9.13
+                         September 03, 2019
+                   ==============================
+
+
+This is a security release in order to address the following defect:
+
+o  CVE-2019-10197: Combination of parameters and permissions can allow user
+                   to escape from the share path definition.
+
+=======
+Details
+=======
+
+o  CVE-2019-10197:
+   Under certain parameter configurations, when an SMB client accesses a network
+   share and the user does not have permission to access the share root
+   directory, it is possible for the user to escape from the share to see the
+   complete '/' filesystem. Unix permission checks in the kernel are still
+   enforced.
+
+
+Changes since 4.9.12:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+     from the share.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+     from the share.
+
+
+</pre>
+</p>
+</body>
+</html>
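Review bot: The banner date here is "September 03, 2019" while the 4.10.8 page added in this commit uses "September 3, 2019"; pick one form for both release-note pages. Separately, the page declares XHTML 1.0 Transitional but nests the pre block inside a p element and uses unclosed br tags, neither of which is valid under that doctype; drop the surrounding p and write the breaks as self-closing tags (the same applies to the 4.10.8 page).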
diff --git a/history/security.html b/history/security.html
index ad8ab8f..b606d57 100755
--- a/history/security.html
+++ b/history/security.html
@@ -26,6 +26,23 @@ link to full release notes for each release.</p>
 	<td><em>Details</em></td>
       </tr>
 
+    <tr>
+	<td>03 Sep 2019</td>
+	<td><a href="/samba/ftp/patches/security/samba-4.10.7-CVE-2019-10197.patch">
+	patch for Samba 4.10.7</a><br />
+	<a href="/samba/ftp/patches/security/samba-4.9.12-CVE-2019-10197.patch">
+	patch for Samba 4.9.12</a><br />
+	</td>
+	<td>Combination of parameters and permissions can allow user to escape
+            from the share path definition.
+	</td>
+	<td>All versions between Samba 4.9.0 and 4.9.12/4.10.7 (incl.).</td>
+	<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10197">CVE-2019-10197</a>
+	</td>
+	<td><a href="/samba/security/CVE-2019-10197.html">Announcement</a>
+	</td>
+    </tr>
+
     <tr>
 	<td>19 Jun 2019</td>
 	<td><a href="/samba/ftp/patches/security/samba-4.10.4-security-2019-06-19.patch">
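Review bot: The affected-versions cell "All versions between Samba 4.9.0 and 4.9.12/4.10.7 (incl.)." is ambiguous about which bounds are inclusive and does not match the advisory added in this commit, which says "All versions of Samba from 4.9.0 onwards" and lists 4.11.0rc3 as a fixed release. Spell the ranges out, for example 4.9.0 to 4.9.12 and 4.10.0 to 4.10.7, and state whether the 4.11.0 release candidates before rc3 are covered. The trailing break after the second patch link has nothing following it and can be dropped.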
diff --git a/posted_news/20190903-084511.4.10.8.body.html b/posted_news/20190903-084511.4.10.8.body.html
new file mode 100644
index 0000000..a5869b1
--- /dev/null
+++ b/posted_news/20190903-084511.4.10.8.body.html
@@ -0,0 +1,23 @@
+<!-- BEGIN: posted_news/20190828-084511.4.10.8.body.html -->
+<h5><a name="4.10.8">03 September 2019</a></h5>
+<p class=headline>Samba 4.10.8 and 4.9.13 Security Releases Available</p>
+<p>
+These are security releases in order to address
+<a href="/samba/security/CVE-2019-10197.html">CVE-2019-10197</a>
+(Combination of parameters and permissions can allow user to escape from the share path definition).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).</br>
+The 4.10.8 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.10.8.tar.gz">downloaded now</a>.</br>
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.10.7-4.10.8.diffs.gz">patch against Samba 4.10.7</a> is also available.</br>
+See the <a href="https://www.samba.org/samba/history/samba-4.10.8.html">4.10.8 release notes</a> for more info.</br>
+The 4.9.13 source code can be <a
+href="https://download.samba.org/pub/samba/stable/samba-4.9.13.tar.gz">downloaded now</a>.</br>
+A <a
+href="https://download.samba.org/pub/samba/patches/samba-4.9.12-4.9.13.diffs.gz">patch
+against Samba 4.9.12</a> is also available.</br>
+See the <a href="https://www.samba.org/samba/history/samba-4.9.13.html">4.9.13 release notes</a> for more info.
+</p>
+<!-- END: posted_news/20190828-084511.4.10.8.body.html -->
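Review bot: The BEGIN and END comments name posted_news/20190828-084511.4.10.8.body.html, but the file being created is posted_news/20190903-084511.4.10.8.body.html; the matching headline file uses the 20190903 name in its own markers, so update these two comments to agree. The line breaks are written as "</br>", which is a closing tag for an element that cannot have one; use a self-closing break instead, and quote the class attribute value on the headline paragraph.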
diff --git a/posted_news/20190903-084511.4.10.8.headline.html b/posted_news/20190903-084511.4.10.8.headline.html
new file mode 100644
index 0000000..20a9911
--- /dev/null
+++ b/posted_news/20190903-084511.4.10.8.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20190903-084511.4.10.8.headline.html -->
+<li> 03 September 2019 <a href="#4.10.8">Samba 4.10.8 and 4.9.13 Security Releases Available</a></li>
+<!-- END: posted_news/20190903-084511.4.10.8.headline.html -->
diff --git a/security/CVE-2019-10197.html b/security/CVE-2019-10197.html
new file mode 100644
index 0000000..3c37cfd
--- /dev/null
+++ b/security/CVE-2019-10197.html
@@ -0,0 +1,116 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2019-10197.html
+
+<p>
+<pre>
+==============================================================================
+== Subject:     Combination of parameters and permissions can allow user
+==              to escape from the share path definition.
+==
+== CVE ID#:     CVE-2019-10197
+==
+== Versions:    All versions of Samba from 4.9.0 onwards.
+==
+== Summary:     Under certain parameter configurations, when an SMB
+==              client accesses a network share and the user does not
+==              have permission to access the share root directory,
+==              it is possible for the user to escape from the share
+==              to see the complete '/' filesystem. Unix permission
+==              checks in the kernel are still enforced.
+==
+==============================================================================
+
+===========
+Description
+===========
+
+On a Samba SMB server for all versions of Samba from 4.9.0 clients are
+able to escape outside the share root directory if certain
+configuration parameters set in the smb.conf file.
+
+The problem is reproducable if the 'wide links' option is explicitly
+set to 'yes' and either 'unix extensions = no' or 'allow insecure wide
+links = yes' is set in addition.
+
+If a client has no permissions to enter the share root directory it
+will get ACCESS_DENIED on the first request. However smbd has a cache
+that remembers if it successfully changed to a directory. This cache
+was not being reset on failure. The following SMB request will then
+silently operate in the wrong directory instead of returning
+ACCESS_DENIED. That directory is either the share root directory of a
+different share the client was operating on successfully before or the
+global root directory ('/') of the system.
+
+The unix token (uid, gid, list of groups) is always correctly
+impersonated before each operation, so the client is still restricted
+by the unix permissions enfored by the kernel.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to:
+
+  https://www.samba.org/samba/security/
+
+Additionally, Samba 4.9.13, 4.10.8 and 4.11.0rc3 have been issued as
+security releases to correct the defect. Patches against older Samba
+versions may be available at https://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==================
+CVSSv3 calculation
+==================
+
+CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C (8.7)
+
+==========
+Workaround
+==========
+
+The following methods can be used as a mitigation (only one is
+needed):
+
+- Use the 'sharesec' tool to configure a security descriptor for the
+  share that's at least as strict as the permissions on the share root
+  directory.
+
+- Use the 'valid users' option to allow only users/groups which are
+  able to enter the share root directory.
+
+- Remove 'wide links = yes' if it's not really needed.
+
+- In some situations it might be an option to use 'chmod a+x' on the
+  share root directory, but you need to make sure that files and
+  subdirectories are protected by stricter permissions. You may also
+  want to 'chmod a-w' in order to prevent new top level files and
+  directories, which may have less restrictive permissions.
+
+=======
+Credits
+=======
+
+This problem was found by Stefan Metzmacher of SerNet and the Samba
+Team.
+
+Patches provided by Ralph Böhme and Stefan Metzmacher of SerNet and
+the Samba Team together with Jeremy Allison of Google and the Samba
+Team.
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>
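Review bot: The heading "<H2>CVE-2019-10197.html" is never closed and the p element opened before the pre block has no closing tag, so everything after the heading is parsed as heading content; close the H2 and either close or remove the p, as the release-note pages in this commit do. The heading text is also the file name rather than a title. In the advisory text, "reproducable" should be "reproducible", "enfored" should be "enforced", and "if certain configuration parameters set in the smb.conf file" is missing "are".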


-- 
Samba Website Repository


