[Samba] Latest Ubuntu 16.04 samba upgrade breaks external ldap auth (CVE-2020-10704)
Andrew Bartlett
abartlet at samba.org
Wed Apr 29 09:41:49 UTC 2020
On Wed, 2020-04-29 at 21:10 +1200, Andrew Bartlett via samba wrote:
> On Wed, 2020-04-29 at 08:57 +0100, Rowland penny via samba wrote:
> > On 29/04/2020 08:26, Lorenzo Milesi via samba wrote:
> > > Latest Samba4 upgrade (4.3.11+dfsg-0ubuntu0.16.04.26) broke external LDAP auth probably with the following error:
> > >
> > > LDAP request size (81) exceeds (0)
> > >
> > > samba-tool outputs the following when run:
> > >
> > > Unknown parameter encountered: "ldap max anonymous request size"
> > > Ignoring unknown parameter "ldap max anonymous request size"
> > > Unknown parameter encountered: "ldap max authenticated request size"
> > > Ignoring unknown parameter "ldap max authenticated request size"
> > > Unknown parameter encountered: "ldap max search request size"
> > > Ignoring unknown parameter "ldap max search request size"
> > >
> > > These params aren't defined anywhere, and even if placed in smb.conf the error won't change.
> > >
> > > Any workaround for this old version?
> > >
> > > thanks
> > >
> > >
> > > https://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.11+dfsg-0ubuntu0.16.04.26/changelog
> > >
> > If you are having problems with this on 4.3.11, then you need to raise a
> > bug report to Ubuntu.
> >
> > Samba has provided patches for 4.10, 4.11 and 4.12; Ubuntu must have
> > backported these to 4.3.11.
>
> Rowland is correct here.
>
> From the description this looks like an untested backport.

In their defence, since 10374dde0f9d2e13496198b90c0c6e592bfef86c in
Samba 4.4, smb.conf generation has been entirely automated, but for
Samba 4.3 the param_table in lib/param/param_table.c still needed to be
filled in.

So it would not have been obvious that the patch wasn't complete.

I've CC'ed Marc as the Ubuntu developer in the changelog.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
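
A triage check for the failure discussed in this thread, as an added example that is not part of the original messages or of Samba's code: it correlates the two symptoms quoted above (size parameters reported as unknown, and a request rejected against a limit of 0) to separate this regression from an ordinary over-limit rejection. The function name and the sample input are constructed for illustration.

```python
import re

# Parameter names quoted in the thread's samba-tool output.
LDAP_SIZE_PARAMS = {
    "ldap max anonymous request size",
    "ldap max authenticated request size",
    "ldap max search request size",
}
UNKNOWN_RE = re.compile(r'Unknown parameter encountered: "([^"]+)"')
EXCEEDS_RE = re.compile(r"LDAP request size \((\d+)\) exceeds \((\d+)\)")


def diagnose(lines):
    """Correlate the two symptoms from the thread in mixed tool/log output."""
    unknown, rejections = set(), []
    for line in lines:
        m = UNKNOWN_RE.search(line)
        if m:
            unknown.add(m.group(1).strip().lower())
        m = EXCEEDS_RE.search(line)
        if m:
            rejections.append((int(m.group(1)), int(m.group(2))))
    unregistered = sorted(unknown & LDAP_SIZE_PARAMS)
    zero_limit = [r for r in rejections if r[1] == 0]
    return {
        "unregistered_params": unregistered,
        "zero_limit_rejections": zero_limit,
        "other_rejections": [r for r in rejections if r[1] != 0],
        # A limit of 0 rejects every request; together with the size
        # parameters being unknown, it points at the build, not smb.conf.
        "incomplete_backport_suspected": bool(unregistered and zero_limit),
    }


# Constructed sample: the first four lines reuse messages quoted in the
# thread; the last line is invented to show an ordinary over-limit rejection.
SAMPLE = [
    'Unknown parameter encountered: "ldap max anonymous request size"',
    'Ignoring unknown parameter "ldap max anonymous request size"',
    'Unknown parameter encountered: "ldap max search request size"',
    "LDAP request size (81) exceeds (0)",
    "LDAP request size (300000) exceeds (256000)",
]

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```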