[Samba] Samba 4.1.6 huge security flaw

bogdan_bartos admin at blackpenguin.org
Mon Apr 14 15:16:14 MDT 2014 

This is what I see in the log.samba:

  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2014/04/11 14:33:55.270648,  0]
../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2014/04/14 08:30:22.271964,  0]
../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2014/04/14 14:52:24.799161,  0] ../source4/smbd/server.c:121(sig_term)
[2014/04/14 14:52:24.799128,  0] ../source4/smbd/server.c:116(sig_term)
[2014/04/14 14:52:24.799176,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1801 on SIGTERM
[2014/04/14 14:52:24.799270,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1802 on SIGTERM
  SIGTERM: killing children
[2014/04/14 14:52:24.799417,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1804 on SIGTERM
  Exiting pid 1808 on SIGTERM
[2014/04/14 14:52:24.799322,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1805 on SIGTERM
[2014/04/14 14:52:24.799426,  0] ../source4/smbd/server.c:121(sig_term)
[2014/04/14 14:52:24.799792,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1809 on SIGTERM
[2014/04/14 14:52:24.802495,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1814 on SIGTERM
[2014/04/14 14:52:24.799672,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1807 on SIGTERM
[2014/04/14 14:52:24.804586,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1813 on SIGTERM
  Exiting pid 1806 on SIGTERM
[2014/04/14 14:52:24.799545,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1800 on SIGTERM
[2014/04/14 14:52:24.809454,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1811 on SIGTERM
[2014/04/14 14:52:24.812416,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1812 on SIGTERM
[2014/04/14 14:52:24.855421,  0] ../source4/smbd/server.c:121(sig_term)
  Exiting pid 1810 on SIGTERM
[2014/04/14 14:52:32.976404,  0]
../source4/smbd/server.c:370(binary_smbd_main)
  samba version 4.1.6 started. -> this is where I restarted the server to
see if it still happens and it did after as well.

I do get these every once in a while in log.smbd:
[2014/04/11 07:57:47.860716,  0]
../source3/smbd/oplock.c:335(oplock_timeout_handler)
  Oplock break failed for file
fileserver.specified.ca/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI
-- replying anyway

The rest looks ok to me... I am not sure what else to provide. I am not sure
if I can replicate the same bug after the Windows machine restart, but I
will try and let you know.



--
View this message in context: http://samba.2283325.n4.nabble.com/Samba-4-1-6-huge-security-flaw-tp4664312p4664313.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list