drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Samba (Aktualisierung)
| Name: |
Preisgabe von Informationen in Samba (Aktualisierung) |
|
| ID: |
USN-4510-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 ESM |
|
| Datum: |
Do, 17. September 2020, 23:18 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472 |
|
| Applikationen: |
Samba |
|
| Update von: |
Preisgabe von Informationen in Samba |
|
Originalnachricht |
--===============2627522957014364489==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline
--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-4510-2
September 17, 2020
samba vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Samba would allow unintended access to files over the network.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4510-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.
This update fixes the issue by changing the "server schannel" setting
to
default to "yes", instead of "auto", which will force a secure
netlogon
channel. This may result in compatibility issues with older devices. A
future update may allow a finer-grained control over this setting.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4510-2
https://usn.ubuntu.com/4510-1
CVE-2020-1472
--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9jXKIACgkQRbznW4QL
H2ngpg//Q0WyVPuOWri3HwvXVrLCeVBrxCQrUmACdT5Sahf0K2Hrz9g5r1yUt3FH
CgtHVk03bMxMRTwdno3kxargyMU0qtXubqJ+8jQtNQgUGNHo6Ihm2PO95MVynzrS
JG/ZQIrP5P6jo5MNEK6VIWhqUhVDh64oq4PF/unsx8eOP36E29oVq2oGoWh2PgIK
sjCtMbhN2yJ1UtlLZ6cyq0agjswvrMHYm6WDBAztJmPlD2tpF3wVGWPk19PSIV4L
svyM4khYsahouIHa+Mgr8YsJsOLam3xu9KurcN9t87T1AUVda5kKwlJ7n1yTZbPf
abwLSoXcw8usMxKcroqGRjPfaawVIYw6fvPef/4XX8bJmmK8nc0zxNcYHwC1z3hU
y35WO8052TUc7OHApn7W84ZLx9b0iAJl3soc56PDKNPA+YbLtrPpu/5/sE5r1VaC
OKJePSOR4eLN0AU8Vr5XWuUfdcJHknlopgInYzkU2pnw3crg40wlhoJ8yhRlBqXh
FFOJxbtOHjrrGvdU+xsiOGaBzhsvKQMSsxrnPPh0dZpMWNckuTk/4MiAKhACtBZR
bXSJ7jCKzWiOKP+LD3Tgt5c2WWv/eh1lgdht2PJ0v3LcranHBGTPiYSFQF7Qi0CJ
l769tL37n29wLyolGW4iN1oZHiseBgozHNI6EtKLo2voPZsqGbU=
=+wii
-----END PGP SIGNATURE-----
--HcAYCG3uE/tztfnV--
--===============2627522957014364489==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|
