[Samba] Error running CVE-2018-1057_helper on 4.5
dcardon at tranquil.it
Wed Mar 14 09:31:43 UTC 2018
> I tried to run this script on a system running 4.5.15 built from source
> under Ubuntu 16.04, but I get the following exception:
> # PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/"
> ./samba_CVE-2018-1057_helper --lock-pwchange
> Temporarily overriding 'dsdb:schema update allowed' setting
> Traceback (most recent call last):
> File "./samba_CVE-2018-1057_helper", line 139, in <module>
> sd_helper.modify_sd_on_dn(msg.dn, new_desc)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/sd_utils.py",
> line 40, in modify_sd_on_dn
> m.dn = Dn(self.ldb, object_dn)
> TypeError: argument 2 must be string, not ldb.Dn
> A transaction is still active in ldb context [0x2337ea0] on
> I tried doing "kinit Administrator" and then repeating, but that didn't
> change the error.
You don't need to kinit. The script goes directly to the ldb files.
The script is OK for 4.7, but there is a small fix to make it run on
earlier Samba versions, cf. the attached diff.
> I see samba 4.8.0 was released yesterday, which means 4.5.x technically
> dropped out of support yesterday too:
The fix for this security flaw has been backported from 4.8 to 4.3, so yes
4.5 can be patched. But I would advise you to use the mitigation script
first and prepare and update to 4.7.6 in the coming weeks because, like
you said, 4.5 won't get any feature fixes from upstream anymore since
4.8 is out.
> However, I also note that a security patch was released for 4.5.15:
> Obviously I will have to proceed with the underlying patching and/or
> upgrading of Samba. But if anyone can help me get the short-term fix
> working for 4.5, that would be a useful stop-gap.
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 22.214.171.124.55
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 503 bytes
Desc: not available