[Samba] Latest Ubuntu 16.04 samba upgrade breaks external ldap auth (CVE-2020-10704)

L.P.H. van Belle belle at bazuin.nl
Wed Apr 29 07:38:37 UTC 2020


Hai, 

Well, my advice here is: you're using Ubuntu 16.04, which is EOL this month.
So the best is to upgrade to 18.04 or go to 20.04.

Otherwise, I suggest you read:
https://www.samba.org/samba/security/CVE-2020-10704.html

* For authenticated connections the maximum packet size is controlled by
  the smb.conf parameter "ldap max authenticated request size"

* For anonymous connections the maximum packet size is controlled by
  the smb.conf parameter "ldap max anonymous request size"

* For searches, the maximum packet size is controlled by
  the smb.conf parameter "ldap max search request size"

Sorry, you have to contact the Ubuntu security team for this one.
(but I suggest you upgrade the OS)

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Lorenzo Milesi via samba
> Sent: Wednesday 29 April 2020 9:27
> To: samba
> Subject: [Samba] Latest Ubuntu 16.04 samba upgrade breaks
> external ldap auth (CVE-2020-10704)
> Priority: High
> 
> Latest Samba4 upgrade (4.3.11+dfsg-0ubuntu0.16.04.26) broke 
> external LDAP auth probably with the following error:
> 
> LDAP request size (81) exceeds (0)
> 
> samba-tool outputs the following when run:
> 
> Unknown parameter encountered: "ldap max anonymous request size"
> Ignoring unknown parameter "ldap max anonymous request size"
> Unknown parameter encountered: "ldap max authenticated request size"
> Ignoring unknown parameter "ldap max authenticated request size"
> Unknown parameter encountered: "ldap max search request size"
> Ignoring unknown parameter "ldap max search request size"
> 
> These params aren't defined anywhere, and even if placed in 
> smb.conf the error won't change.
> 
> Any workaround for this old version?
> 
> thanks
> 
> 
> https://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.11+dfsg-0ubuntu0.16.04.26/changelog
> 
> -- 
> Lorenzo Milesi - lorenzo.milesi at yetopen.it
> 
> YetOpen S.r.l. - https://www.yetopen.it/
> Via Salerno 18 - 23900 Lecco - ITALY -
> Tel +39 0341 220 205 - Fax +39 178 6070 222
> 
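A triage sketch for the two symptoms reported in this thread, added here as an example and not code from Samba or from either poster: it scans log and samba-tool output for the quoted messages and separates a rejection against a limit of 0 from a request that exceeds a non-zero limit. The function name, verdict strings and the 256000/300000 sample values are assumptions made for illustration.

```python
import re

# Message formats copied from the report quoted above.
REJECT = re.compile(r"LDAP request size \((\d+)\) exceeds \((\d+)\)")
UNKNOWN = re.compile(r'Unknown parameter encountered: "([^"]+)"')

# The three smb.conf parameters named in the reply.
LIMIT_PARAMS = {
    "ldap max anonymous request size",
    "ldap max authenticated request size",
    "ldap max search request size",
}

def triage(lines):
    """Summarise LDAP size rejections and unrecognised limit parameters."""
    zero_limit = 0   # rejections against a limit of 0: nothing can pass
    oversized = {}   # non-zero limit -> largest rejected request size
    unknown = set()  # limit parameters the tools reported as unknown
    for line in lines:
        m = REJECT.search(line)
        if m:
            size, limit = int(m.group(1)), int(m.group(2))
            if limit == 0:
                zero_limit += 1
            else:
                oversized[limit] = max(size, oversized.get(limit, 0))
            continue
        m = UNKNOWN.search(line)
        if m and m.group(1) in LIMIT_PARAMS:
            unknown.add(m.group(1))
    if zero_limit and unknown:
        verdict = "zero-limit-with-unknown-params"  # the case in this thread
    elif zero_limit:
        verdict = "zero-limit"
    elif oversized:
        verdict = "request-too-large"  # raising the matching limit may apply
    else:
        verdict = "clean"
    return {"verdict": verdict, "zero_limit": zero_limit,
            "oversized": oversized, "unknown_params": sorted(unknown)}

# Constructed sample: report lines plus one invented non-zero-limit rejection.
SAMPLE = [
    "LDAP request size (81) exceeds (0)",
    'Unknown parameter encountered: "ldap max anonymous request size"',
    'Ignoring unknown parameter "ldap max anonymous request size"',
    'Unknown parameter encountered: "ldap max search request size"',
    "LDAP request size (300000) exceeds (256000)",
]
```

Call `triage()` on the lines of a Samba log or captured samba-tool output; `triage(SAMPLE)` returns the thread's combination of a zero limit and unknown limit parameters.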



