- It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session.
- A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.
- An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory.
Note: This issue does not affect the default configuration of the Samba server.
- When a domain controller (DC) was rebuilding the System Volume (Sysvol) directory, it disabled the Net Logon service. Even if another working DC was available, users were not able to log in until the rebuilding was finished and, as a consequence, error messages were returned. With this update, when an attempt to open the Net Logon connection fails two times, users are able to log in using another DC without any errors.
- Previously, when the winbindd daemon authenticated Active Directory (AD) users, it used 100% of the CPU and stopped the user authentication. This update provides a patch to fix this bug and winbindd now works as expected.
- When the winbindd daemon was not able to establish a Server Message Block (SMB) connection to a domain controller (DC), it retried three times in a row, waited for some time and tried to connect again. Because the socket that winbindd had opened to connect to the DC was not closed, winbindd leaked three sockets each time it tried to establish the connection, which led to depletion of the available sockets. With this update, a patch has been provided to fix this bug and the sockets are now closed correctly so that winbindd no longer leaks sockets in the described scenario.
- Previously, guest users did not have the correct token allowing write operations on a writable guest share. Consequently, such users were not able to create or write to any files within the share. With this update, a patch has been provided to fix this bug and the guest users are able to write to or create any files within the writable share as expected.
share parameter is obsolete and the security mode should be set to
- The Samba service contains the user name mapping optimization that stores an unsuccessful mapping so that it is not necessary to traverse the whole mapping file every time. Due to a bug in the optimization, the user name mapping worked only once and then it was overwritten with the unsuccessful one. This update provides a patch to fix this bug and the successful user name mapping is no longer overwritten in the described scenario.
- Due to a bug in the authentication code that forwarded the NTLMv2 authentication challenge to the primary domain controller (PDC), an incorrect domain name was sent from a client. Consequently, the user was not able to log in, because when the domain name was hashed in the second NTLMv2 authentication challenge, the server could not verify the validity of the hash and the access was rejected. With this update, the correct domain name is set by the client to the PDC and the user is able to log in as expected.
- An attempt to execute the wkssvc_NetWkstaEnumUsers RPC command without a pointer to the resume handle caused the smbd daemon to terminate with a segmentation fault. Consequently, the client was disconnected. With this update, the underlying source code has been adapted to verify that the pointer is valid before attempting to dereference it. As a result, smbd no longer crashes in this situation.
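
The EA list item above describes an integer overflow that made the server loop over a client-supplied list. The following C sketch is an added example, not Samba's code: it walks a simplified chained-entry layout (assumed here) and checks each next-entry offset against the bytes remaining, so the cursor can neither wrap nor move backwards. The names ea_list_count, EA_MAX_ENTRIES and ea_sample are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define EA_HDR_LEN 8u       /* next_offset(4) flags(1) name_len(1) value_len(2) */
#define EA_MAX_ENTRIES 1024 /* hypothetical cap on entries per request */

/* Constructed sample: two entries, "a"="xy" then "b"="" (assumed layout). */
const uint8_t ea_sample[22] = {
    12,0,0,0, 0, 1, 2,0, 'a',0,'x','y',
    0,0,0,0,  0, 1, 0,0, 'b',0
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk a chained EA list; return the entry count, or -1 if malformed. */
int ea_list_count(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    for (;;) {
        size_t remaining = len - off;   /* invariant: off <= len */
        if (remaining < EA_HDR_LEN || count >= EA_MAX_ENTRIES)
            return -1;

        const uint8_t *e = buf + off;
        uint32_t next = rd_le32(e);
        size_t name_len = e[5];
        size_t value_len = (size_t)e[6] | (size_t)e[7] << 8;
        /* header + name + NUL + value is at most 8+255+1+65535: cannot wrap */
        size_t entry_len = EA_HDR_LEN + name_len + 1 + value_len;

        if (entry_len > remaining)
            return -1;
        count++;
        if (next == 0)
            return count;               /* last entry in the chain */
        /* Compare against what is left instead of computing off + next,
         * which could wrap. Requiring next >= entry_len forces forward
         * progress, so the walk can never revisit earlier bytes. */
        if (next < entry_len || next > remaining)
            return -1;
        off += next;                    /* still <= len after the check */
    }
}
```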