Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.
- It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session.
- A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.
- An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory.
Note: This issue did not affect the default configuration of the Samba server.
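The EA list flaw above comes down to advancing through a client-controlled chain of offsets. The following is an added example, not Samba's code, of a walker that cannot be driven backwards or past the buffer; the entry layout and the name ea_list_count are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a little-endian 32-bit value without assuming alignment. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Count the entries of a client-supplied chained EA list; -1 if malformed.
 * Assumed entry layout: next_offset (4, LE), flags (1), name_len (1),
 * value_len (2, LE), name, NUL, value. next_offset == 0 ends the list. */
int ea_list_count(const uint8_t *buf, size_t len)
{
    size_t off = 0;               /* invariant: off <= len */
    int count = 0;

    for (;;) {
        if (len - off < 8)        /* fixed header must fit */
            return -1;
        uint32_t next = le32(buf + off);
        size_t need = 8 + (size_t)buf[off + 5] + 1 +
                      ((size_t)buf[off + 6] | ((size_t)buf[off + 7] << 8));
        if (need > len - off)     /* name and value must fit too */
            return -1;
        count++;
        if (next == 0)
            return count;
        /* Compare against the bytes remaining instead of computing
         * off + next, which is the sum that can wrap. Requiring
         * next >= need also guarantees forward progress. */
        if (next < need || next > len - off)
            return -1;
        off += next;
    }
}

int main(void)
{
    /* Constructed sample: two entries, "a"="x" then "b"="". */
    const uint8_t ok[] = { 12,0,0,0, 0, 1, 1,0, 'a',0,'x',0,
                           0,0,0,0, 0, 1, 0,0, 'b',0 };
    /* Constructed sample: off + next would wrap in 32-bit arithmetic. */
    const uint8_t bad[] = { 0xF4,0xFF,0xFF,0xFF, 0, 1, 1,0, 'a',0,'x',0 };
    printf("%d %d\n", ea_list_count(ok, sizeof ok), ea_list_count(bad, sizeof bad));
    return 0;
}
```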
Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214.
- BZ#948071, BZ#953985
- An attempt to retrieve group information from a trusted domain using a connection based on the TCP/IP protocol failed, because the machine account credentials were required to establish a secured connection over TCP/IP. Consequently, a fallback to a named pipe connection did not work, and users were not able to log into a trusted domain. With this update, the fallback to a named pipe connection has been fixed and users can now log into trusted domains as expected.
- Previously, when the winbindd daemon was under a heavy load to authenticate a large amount of Active Directory (AD) users, it was possible that it used 100% of the CPU and stopped the user authentication. This update provides a patch to improve the connection handling significantly, and winbindd no longer stops the user authentication in the described scenario.
- The Samba service contains the user name mapping optimization that stores an unsuccessful mapping so that it is not necessary to traverse the whole mapping file every time. Due to a bug in the optimization, the user name mapping worked only once and then was subsequently overwritten by an unsuccessful mapping. This update provides a patch to fix this bug and the successful user name mapping is no longer overwritten in the described scenario.
- Previously, guest users in the "security = share" mode did not have the correct token that allowed write operations on a writable guest share. Consequently, such users were not able to create or write to any files within the share. With this update, a patch has been provided to fix this bug and the guest users are able to write to or create any files within the writable share as expected.
Note: The "security = share" mode is deprecated and users should migrate to the "security = user" mode.
- The net ads keytab add command always converted characters in the service principal name (SPN) into uppercase characters. Consequently, several Kerberos services were not able to find their tickets. With this update, SPN is no longer converted into uppercase characters and Samba works as expected.
- Due to a bug in the authentication code that forwarded the NTLMv2 authentication challenge to the primary domain controller (PDC), an incorrect domain name could be sent from a client. Consequently, the user was not able to log in because when the domain name was hashed in the second NTLMv2 authentication challenge, the server could not verify the validity of the hash and the access was rejected. With this update, the correct domain name is set by the client to the PDC and the user is able to log in as expected.
- An attempt to execute the wkssvc_NetWkstaEnumUsers RPC command without a pointer to the resume handle caused the smbd daemon to terminate with a segmentation fault. Consequently, the client was disconnected. With this update, the underlying source code has been adapted to verify that the pointer is valid before attempting to dereference it. As a result, smbd no longer crashes in this situation.
- When a non-root user executed the smbstatus command, the locked files were missing from the command output. The underlying source code has been modified to fix this bug and non-root users are now able to display the locked files as expected.
- Red Hat Enterprise Linux 6 can be used as a print server that shares network printers used by Microsoft Windows 8 clients. Previously, the version of Samba shipped with Red Hat Enterprise Linux was not compatible with Windows 8. Consequently, when a Windows 8 client accessed a printer share and attempted to install the driver for this printer, an error occurred. This update applies a patch to fix this bug and Windows printer drivers can now be installed successfully in the described scenario.
- Previously, the main winbind daemon was not informed when its child process had successfully connected to a domain controller. As a consequence, the Network Data Representation (NDR) cache entries never expired and therefore the entries could not be updated. With this update, the winbind child process notifies the main winbind process when it connects to a domain controller. As a result, the cache is now updated as expected.
- The smbd daemon expected the old printing databases of Samba 3.5 to be in the UTF-8 format. However, the databases could also be in a different format, for example in Latin-1. Consequently, smbd could not migrate the database in this case. This update enhances the net utility, which is used for administration of Samba and remote CIFS servers, to be able to encode the database correctly and convert it to UTF-8. As a result, smbd can now migrate the databases as expected.
Users of samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. After installing this update, the smb service will be restarted automatically.