drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Samba (Aktualisierung)
Name: |
Preisgabe von Informationen in Samba (Aktualisierung) |
|
ID: |
USN-4510-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 ESM |
|
Datum: |
Do, 17. September 2020, 23:18 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472 |
|
Applikationen: |
Samba |
|
Update von: |
Preisgabe von Informationen in Samba |
|
Originalnachricht |
--===============2627522957014364489== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline
--HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4510-2 September 17, 2020
samba vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Samba would allow unintended access to files over the network.
Software Description: - samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin.
This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4510-2 https://usn.ubuntu.com/4510-1 CVE-2020-1472
--HcAYCG3uE/tztfnV Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9jXKIACgkQRbznW4QL H2ngpg//Q0WyVPuOWri3HwvXVrLCeVBrxCQrUmACdT5Sahf0K2Hrz9g5r1yUt3FH CgtHVk03bMxMRTwdno3kxargyMU0qtXubqJ+8jQtNQgUGNHo6Ihm2PO95MVynzrS JG/ZQIrP5P6jo5MNEK6VIWhqUhVDh64oq4PF/unsx8eOP36E29oVq2oGoWh2PgIK sjCtMbhN2yJ1UtlLZ6cyq0agjswvrMHYm6WDBAztJmPlD2tpF3wVGWPk19PSIV4L svyM4khYsahouIHa+Mgr8YsJsOLam3xu9KurcN9t87T1AUVda5kKwlJ7n1yTZbPf abwLSoXcw8usMxKcroqGRjPfaawVIYw6fvPef/4XX8bJmmK8nc0zxNcYHwC1z3hU y35WO8052TUc7OHApn7W84ZLx9b0iAJl3soc56PDKNPA+YbLtrPpu/5/sE5r1VaC OKJePSOR4eLN0AU8Vr5XWuUfdcJHknlopgInYzkU2pnw3crg40wlhoJ8yhRlBqXh FFOJxbtOHjrrGvdU+xsiOGaBzhsvKQMSsxrnPPh0dZpMWNckuTk/4MiAKhACtBZR bXSJ7jCKzWiOKP+LD3Tgt5c2WWv/eh1lgdht2PJ0v3LcranHBGTPiYSFQF7Qi0CJ l769tL37n29wLyolGW4iN1oZHiseBgozHNI6EtKLo2voPZsqGbU= =+wii -----END PGP SIGNATURE-----
--HcAYCG3uE/tztfnV--
--===============2627522957014364489== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|