Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Samba
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Samba
ID: MDVSA-2013:299
Distribution: Mandriva
Plattformen: Mandriva Business Server 1.0
Datum: So, 22. Dezember 2013, 20:18
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://www.samba.org/samba/history/samba-3.6.21.html
http://www.samba.org/samba/history/samba-3.6.22.html
Applikationen: Samba

Originalnachricht

This is a multi-part message in MIME format...

------------=_1387732364-2618-59

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:299
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : samba
Date : December 22, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in samba:

The winbind_name_list_to_sid_string_list function in
nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid
require_membership_of group names by accepting authentication by
any user, which allows remote authenticated users to bypass intended
access restrictions in opportunistic circumstances by leveraging an
administrator's pam_winbind configuration-file mistake
(CVE-2012-6150).

Buffer overflow in the dcerpc_read_ncacn_packet_done function in
librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22,
4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain
controllers to execute arbitrary code via an invalid fragment length
in a DCE-RPC packet (CVE-2013-4408).

The updated packages has been upgraded to the 3.6.22 version which
resolves various upstream bugs and is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://www.samba.org/samba/history/samba-3.6.21.html
http://www.samba.org/samba/history/samba-3.6.22.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
e75ca171513e6b1c54ad77fe0feeabe2
mbs1/x86_64/lib64netapi0-3.6.22-1.mbs1.x86_64.rpm
dbfc96f66f6328db3597dea747915f24
mbs1/x86_64/lib64netapi-devel-3.6.22-1.mbs1.x86_64.rpm
569452556235a2d00f3e31ca9244e99f
mbs1/x86_64/lib64smbclient0-3.6.22-1.mbs1.x86_64.rpm
e45b969bcd034b37d6eea9e6438dc623
mbs1/x86_64/lib64smbclient0-devel-3.6.22-1.mbs1.x86_64.rpm
61624e0bdb59db6a7b38ff6df9b528c0
mbs1/x86_64/lib64smbclient0-static-devel-3.6.22-1.mbs1.x86_64.rpm
2cab4c1de652fdb153ffc171fd85cb13
mbs1/x86_64/lib64smbsharemodes0-3.6.22-1.mbs1.x86_64.rpm
432de62da07d76a1c6caee4f5c86b98e
mbs1/x86_64/lib64smbsharemodes-devel-3.6.22-1.mbs1.x86_64.rpm
ddd929553b7ae807428e9e172295a899
mbs1/x86_64/lib64wbclient0-3.6.22-1.mbs1.x86_64.rpm
43bd4bd6c15d0dece283d1aec84a3714
mbs1/x86_64/lib64wbclient-devel-3.6.22-1.mbs1.x86_64.rpm
586fcb19209338416273009e2d7b3c8b
mbs1/x86_64/nss_wins-3.6.22-1.mbs1.x86_64.rpm
d6e2b27265691f111aa364e7ae5c5276
mbs1/x86_64/samba-client-3.6.22-1.mbs1.x86_64.rpm
f66d7573d84f5238d3324748511ad2a4
mbs1/x86_64/samba-common-3.6.22-1.mbs1.x86_64.rpm
07e7710d4b9295fb62e81f23ac723bea
mbs1/x86_64/samba-doc-3.6.22-1.mbs1.noarch.rpm
67ff474d324a41753f5bdfaf63fd07b3
mbs1/x86_64/samba-domainjoin-gui-3.6.22-1.mbs1.x86_64.rpm
e81a7bf8da697a055d2e980d54f7ab87
mbs1/x86_64/samba-server-3.6.22-1.mbs1.x86_64.rpm
88f34c6bff167020ffa8cb2e8b3d6e6f
mbs1/x86_64/samba-swat-3.6.22-1.mbs1.x86_64.rpm
dcd6bbf7a2fb1dd95fb02f21dfb9acd0
mbs1/x86_64/samba-virusfilter-clamav-3.6.22-1.mbs1.x86_64.rpm
76ccda39bbf6b56e004e15f04ca9ff0d
mbs1/x86_64/samba-virusfilter-fsecure-3.6.22-1.mbs1.x86_64.rpm
3dfe1d3ceb575288ebd711a021e20ce5
mbs1/x86_64/samba-virusfilter-sophos-3.6.22-1.mbs1.x86_64.rpm
e9fd794dbc4491dd5ca595a6cee20479
mbs1/x86_64/samba-winbind-3.6.22-1.mbs1.x86_64.rpm
1c633723bd82487b385bdf65e6ef253c mbs1/SRPMS/samba-3.6.22-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStvLSmqjQ0CJFipgRArQbAJ92lnIbHg7gbCGhOZyU2Dq8m6loNwCfetCt
p5/1VzCAcokyiwxibLK14xY=
=JHLU
-----END PGP SIGNATURE-----


------------=_1387732364-2618-59
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1387732364-2618-59--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung