Sicherheit: Mangelnde Rechteprüfung in Samba

Lesezeichen hinzufügen

--===============7895619225675275911==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="qMm9M+Fa2AknHoGS"
Content-Disposition: inline

--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-1434-1
May 01, 2012

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Samba could allow a user to gain administrative privileges to the Samba server.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Ivano Cristofolini discovered that Samba incorrectly handled some Local
Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated
attacker could exploit this to grant administrative privileges to arbitrary
users. The administrative privileges could be used to bypass permission checks
performed by the Samba server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
samba 2:3.6.3-2ubuntu2.1

Ubuntu 11.10:
samba 2:3.5.11~dfsg-1ubuntu2.3

Ubuntu 11.04:
samba 2:3.5.8~dfsg-1ubuntu2.5

Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.10

After a standard system update you may need to review the privileges of Samba
user accounts.

References:
http://www.ubuntu.com/usn/usn-1434-1
CVE-2012-2111

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.1
https://launchpad.net/ubuntu/+source/samba/2:3.5.11~dfsg-1ubuntu2.3
https://launchpad.net/ubuntu/+source/samba/2:3.5.8~dfsg-1ubuntu2.5
https://launchpad.net/ubuntu/+source/samba/2:3.4.7~dfsg-1ubuntu3.10

--qMm9M+Fa2AknHoGS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIbBAEBCgAGBQJPn5HaAAoJENaSAD2qAscKrSwP+MHswfkl+o55P/CJaHeZa/h+
fm/DVMmXovM9wKAUCJO3YEqE7hJ+1BT9fXGr/AbDoVUKnn0hk6ilHsVpaDx95x7d
O2cng4I9+UTM7gYldmHVWZmxfh+IWovHipvPXm+rFFu2a2THREEbEIa6gNbeNh2E
AkjiQY40HpohxMcygYb3JpG/WsRoFBgFbIviOvJBsP/ebvZoba6NgooI6AFTQQ6F
Q1a8oFCEBSo8mqityXS11aTrY/e+qJ87vmfI0E6iB/+coAybDZZekHbqJrjUmiPS
fbwFZSH0x5zu15/LDwd21D1O/vpYlaA6gsWQsKmdLH8RDROIUvVYmtTKC/oxwnA2
IawP2HB8alpCcRelEbMfiVG14hFnKSlDhZCK6NFYgjjiUgIAKfEE+xGjBVIMGYpw
shLq6hO1b2xGbcW8MwamdD2UMO/lX05+uhT3LT67VzRobP3fn1T5QQ0VFgw6IKrO
dl5LWxbghqeSh7C88tmidR810bcjHLcjlFdh/b1I0TvMZPoqPj1hW63hJsV539bC
XFnlYtgqQQATL7HKU5qZy7a+mzPqDqFGLbo5THrCFRqrCJfURIWTCW3gQQwD6AdY
8gnFXBVmDXOGJxLH5LNEMGqeA9QQtNJPW2B85Y1N2plKFGZOVEQuVJFYznvxrEAs
D517Ny8CVfHrCCUdSOI=
=iJBu
-----END PGP SIGNATURE-----

--qMm9M+Fa2AknHoGS--

--===============7895619225675275911==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7895619225675275911==--