[Announce] Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Available for Download
Karolin Seeger
kseeger at samba.org
Tue Mar 8 12:59:32 UTC 2016
Release Announcements
---------------------
This is a security release in order to address the following CVEs:
o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
o CVE-2016-0771 (Out-of-bounds read in internal DNS server)
=======
Details
=======
o CVE-2015-7560:
All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
a malicious client overwriting the ownership of ACLs using symlinks.
An authenticated malicious client can use SMB1 UNIX extensions to
create a symlink to a file or directory, and then use non-UNIX SMB1
calls to overwrite the contents of the ACL on the file or directory
linked to.
o CVE-2016-0771:
All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
an AD DC and choose to run the internal DNS server, are vulnerable to an
out-of-bounds read issue during DNS TXT record handling caused by users
with permission to modify DNS records.
A malicious client can upload a specially constructed DNS TXT record,
resulting in a remote denial-of-service attack. As long as the affected
TXT record remains undisturbed in the Samba database, a targeted DNS
query may continue to trigger this exploit.
While unlikely, the out-of-bounds read may bypass safety checks and
allow leakage of memory from the server in the form of a DNS TXT reply.
By default only authenticated accounts can upload DNS records,
as "allow dns updates = secure only" is the default.
Any other value would allow anonymous clients to trigger this
bug, which is a much higher risk.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
================
Download Details
================
The uncompressed tarballs and patch files have been signed
using GnuPG (ID 6568B7EA). The source code can be downloaded
from:
https://download.samba.org/pub/samba/stable/
https://download.samba.org/pub/samba/rc/
Patches addressing this defect have been posted to
https://www.samba.org/samba/history/security.html
The release notes are available online at:
https://www.samba.org/samba/history/samba-4.3.6.html
https://www.samba.org/samba/history/samba-4.2.9.html
https://www.samba.org/samba/history/samba-4.1.23.html
https://download.samba.org/pub/samba/rc/samba-4.4.0rc4.WHATSNEW.txt
Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)
--Enjoy
The Samba Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160308/92c01e99/signature.sig>
More information about the samba-technical
mailing list