[Announce] Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download
Denis Cardon
dcardon at tranquil.it
Tue Mar 13 16:17:36 UTC 2018
Hi everyone,
> Release Announcements
> ---------------------
>
> These are security release in order to address the following defects:
>
> o CVE-2018-1050 (Denial of Service Attack on external print server.)
> o CVE-2018-1057 (Authenticated users can change other users' password.)
>
>
> =======
> Details
> =======
>
> o CVE-2018-1050:
> All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
> service attack when the RPC spoolss service is configured to be run as
> an external daemon. Missing input sanitization checks on some of the
> input parameters to spoolss RPC calls could cause the print spooler
> service to crash.
>
> There is no known vulnerability associated with this error, merely a
> denial of service. If the RPC spoolss service is left by default as an
> internal service, all a client can do is crash its own authenticated
> connection.
>
> o CVE-2018-1057:
> On a Samba 4 AD DC the LDAP server in all versions of Samba from
> 4.0.0 onwards incorrectly validates permissions to modify passwords
> over LDAP allowing authenticated users to change any other users'
> passwords, including administrative users.
>
> Possible workarounds are described at a dedicated page in the Samba wiki:
> https://wiki.samba.org/index.php/CVE-2018-1057
it seems that there is a bug in the samba_CVE-2018-1057_helper
mitigation script for 4.6 and below. It works fine on 4.7 though.
It call modify_sd_on_dn() in sd_utils.py with an ldb.DN object (which is
ok in 4.7), but in 4.6 this function only accepts DN strings.
Adding the support of ldb.DN in modify_sd_on_dn() does the trick (by
backporting the "if instance()" check of 4.7.
I'll take a look at patching the mitigation helper, which would make
more sense.
By the way, thanks for the nice applying patches, we have had more than
200 DC updates on three dozen domains to latest 4.7.6 without any
glitches! Now we have to deal with the domains that we cannot upgrade
readily, so we have to get that mitigation script going :-)
Cheers,
Denis
>
>
> Changes:
> --------
>
> o Jeremy Allison <jra at samba.org>
> * BUG 11343: CVE-2018-1050: Codenomicon crashes in spoolss server code.
>
> o Ralph Boehme <slow at samba.org>
> * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
> password.
>
> o Stefan Metzmacher <metze at samba.org>
> * BUG 13272: CVE-2018-1057: Unprivileged user can change any user (and admin)
> password.
>
>
> #######################################
> Reporting bugs & Development Discussion
> #######################################
>
> Please discuss this release on the samba-technical mailing list or by
> joining the #samba-technical IRC channel on irc.freenode.net.
>
> If you do report problems then please try to send high quality
> feedback. If you don't provide vital information to help us track down
> the problem then you will probably be ignored. All bug reports should
> be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
> database (https://bugzilla.samba.org/).
>
>
> ======================================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ======================================================================
>
>
>
> ================
> Download Details
> ================
>
> The uncompressed tarballs and patch files have been signed
> using GnuPG (ID 6F33915B6568B7EA). The source code can be downloaded
> from:
>
> https://download.samba.org/pub/samba/stable/
>
> The release notes are available online at:
>
> https://www.samba.org/samba/history/samba-4.7.6.html
> https://www.samba.org/samba/history/samba-4.6.14.html
> https://www.samba.org/samba/history/samba-4.5.16.html
>
> Our Code, Our Bugs, Our Responsibility.
> (https://bugzilla.samba.org/)
>
> --Enjoy
> The Samba Team
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
More information about the samba-technical
mailing list