-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
3.79. samba and samba3x
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
Security Fixes
- CVE-2013-4408
- A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges.
- CVE-2013-4475
- A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions.
Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue.
All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
Security Fixes
- CVE-2013-4496
- It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller.
- CVE-2012-6150
- A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service.
Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496.
All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Updated samba3x packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
This update also fixes the following bugs:
Note
The samba3x packages have been upgraded to upstream version 3.6.23, which provides a number of bug fixes and enhancements over the previous version. Note that this also changes the format of the Trivial Database (TDB) files, and the existing TDB files are updated to conform to the new format when you upgrade your Samba packages. In addition, earlier versions of Samba are not compatible with the new TDB file format. In order to successfully downgrade to an earlier version of Samba, you must use a backed up version of your TDB files, which uses the previous formatting. (BZ#1035006)
This update also fixes the following bugs:
Bug Fixes
- BZ#1109436
- Due to incorrect Security Identifier (SID) mappings for Access Control List (ACL) files, generating a user access token previously sometimes failed. With this update, the conversion of SID values for ACL files has been amended and user access tokens are created as expected.
- BZ#981369
- Prior to this update, an incorrect return value check caused the fallback from TCP/IP to a named pipe to fail. As a consequence, it was not possible to create a Local Security Authority (LSA) query for user and group information. This update fixes the check of the above return value, allowing the fallback to a named pipe to occur. As a result, LSA querying over a named pipe now works as expected.
- BZ#1033773
- Prior to this update, the search string of the function encoding the Lightweight Directory Access Protocol (LDAP) binary, ldb_binary_encode(), detected the used character set incorrectly. As a consequence, Samba generated invalid search strings. This update fixes the encoding of the local string, and Samba now generates valid LDAP search strings.
- BZ#1081002
- Previously, Samba always wrote a negative cache entry for the user map. As a consequence, user name mapping did not function consistently. With this update, Samba only writes a negative cache entry if the mapping fails, and user name mapping now works correctly.
- BZ#996656
- When the smbd server daemon executed spooling for a print action, it previously did not include the job ID in the generated spool-file path. As a consequence, the spool check could not validate the spool-file's existence, and the printing thus failed. With this update, smbd includes the job ID in the spool-file path and parsing the file name succeeds. As a result, printing via Samba now works as expected.
The samba3x packages have been upgraded to upstream version 3.6.23, which provides a number of bug fixes and enhancements over the previous version. Note that this also changes the format of the Trivial Database (TDB) files, and the existing TDB files are updated to conform to the new format when you upgrade your Samba packages. In addition, earlier versions of Samba are not compatible with the new TDB file format. In order to successfully downgrade to an earlier version of Samba, you must use a backed up version of your TDB files, which uses the previous formatting. (BZ#1035006)
In addition, this update adds the following
Enhancements
- BZ#1037273
- A timeout option has been added to the smbclient command-line tool. This allows users to customize the timeout value for Samba file operations by using the "smbclient --help | grep timeout" command.
- BZ#1101922
- It is now possible to set a different OS version for the Spool Subsystem (spoolss) configuration. This allows users to work around situations where printing drivers do not interact with the printing server because they detect that the version of the printing server is too old.
Users of Samba are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the smb service will be restarted automatically.
