Security: Two problems in samba4
Name: Two problems in samba4
ID: MDVSA-2015:083
Distribution: Mandriva
Platforms: Mandriva Business Server 2.0
Date: Sat, March 28, 2015, 11:01
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://www.samba.org/samba/history/samba-4.1.15.html
https://www.samba.org/samba/history/samba-4.1.16.html
https://www.samba.org/samba/history/samba-4.1.17.html
https://www.samba.org/samba/security/CVE-2014-8143
https://www.samba.org/samba/security/CVE-2015-0240

Original message


_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:083
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : samba4
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in samba4:

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
4.2rc4, when an Active Directory Domain Controller (AD DC)
is configured, allows remote authenticated users to set the LDB
userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain
privileges, by leveraging delegation of authority for user-account
or computer-account creation (CVE-2014-8143).

An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).

The updated packages provide a solution for these security issues.
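
One way to check a directory for the condition behind CVE-2014-8143, as an added example that is not part of the Mandriva advisory: it scans an LDIF export for accounts whose userAccountControl has UF_SERVER_TRUST_ACCOUNT (0x2000) set and that are not on an administrator-supplied list of domain controllers. The sample LDIF, the account names and the known_dcs list are constructed, and attribute values are assumed to be plain (not base64-encoded) LDIF.

```python
UF_SERVER_TRUST_ACCOUNT = 0x2000  # userAccountControl flag of a DC account
# Constructed sample export; every DN, name and value is invented.
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=example,DC=test
sAMAccountName: DC1$
userAccountControl: 532480

dn: CN=WS042,CN=Computers,DC=example,DC=test
sAMAccountName: WS042$
userAccountControl: 4096

dn: CN=HELPDESK-TMP,CN=Computers,DC=example,DC=test
sAMAccountName: HELPDESK-TMP$
userAccountControl: 8192
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute -> first value."""
    entry, last = {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:        # folded continuation line
            entry[last] += line[1:]
        elif not line.strip():                   # blank line ends the entry
            if entry:
                yield entry
            entry, last = {}, None
        elif not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            key = key.strip().lower()
            last = key if key not in entry else None
            if last:
                entry[key] = value.strip()

def unexpected_dc_accounts(ldif_text, known_dcs):
    """Return accounts with UF_SERVER_TRUST_ACCOUNT set that are not known DCs."""
    known, findings = {name.lower() for name in known_dcs}, []
    for entry in parse_ldif(ldif_text):
        try:
            uac = int(entry.get("useraccountcontrol", "0"))
        except ValueError:
            continue
        name = entry.get("samaccountname", entry.get("dn", "?"))
        if uac & UF_SERVER_TRUST_ACCOUNT and name.lower() not in known:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for account in unexpected_dc_accounts(SAMPLE_LDIF, known_dcs={"DC1$"}):
        print("review:", account)
```

Any account it reports should be compared against the list of machines that were deliberately promoted to domain controller.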
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://www.samba.org/samba/history/samba-4.1.15.html
https://www.samba.org/samba/history/samba-4.1.16.html
https://www.samba.org/samba/history/samba-4.1.17.html
https://www.samba.org/samba/security/CVE-2014-8143
https://www.samba.org/samba/security/CVE-2015-0240
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>