[Samba] Error running CVE-2018-1057_helper on 4.5
Harry Jede
walk2sun at arcor.de
Wed Mar 14 09:45:34 UTC 2018
Am Mittwoch, 14. März 2018, 08:35:53 CET schrieb Brian Candler via
samba:
> I tried to run this script on a system running 4.5.15 built from
> source under Ubuntu 16.04, but I get the following exception:
>
> # PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/"
> ./samba_CVE-2018-1057_helper --lock-pwchange
> Temporarily overriding 'dsdb:schema update allowed' setting
> Traceback (most recent call last):
> File "./samba_CVE-2018-1057_helper", line 139, in <module>
> sd_helper.modify_sd_on_dn(msg.dn, new_desc)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/sd_utils.py", line
> 40, in modify_sd_on_dn
> m.dn = Dn(self.ldb, object_dn)
> TypeError: argument 2 must be string, not ldb.Dn
> A transaction is still active in ldb context [0x2337ea0] on
> tdb:///usr/local/samba/private/sam.ldb
>
> I tried doing "kinit Administrator" and then repeating, but that
> didn't change the error.
>
> I see samba 4.8.0 was released yesterday, which means 4.5.x
> technically dropped out of support yesterday too:
> https://wiki.samba.org/index.php/Samba_Release_Planning
>
> However, I also note that a security patch was released for 4.5.15:
>
> https://download.samba.org/pub/samba/patches/security/samba-4.5.15-sec
> urity-2018-03-13.patch
>
> Obviously I will have to proceed with the underlying patching and/or
> upgrading of Samba. But if anyone can help me get the short-term fix
> working for 4.5, that would be a useful stop-gap.
Now I have checked the ubuntu repos. The patch is applied to:
samba (2:4.3.11+dfsg-0ubuntu0.14.04.14) trusty-security
samba (2:4.3.11+dfsg-0ubuntu0.16.04.13) xenial-security
samba (2:4.6.7+dfsg-1ubuntu3.2) artful-security
So you have one (easy) choice. Download the source package from artful-
security and build it on xenial. This brings you to a supported samba
release.
> Thanks,
>
> Brian.
--
Gruss
Harry Jede
More information about the samba
mailing list