Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Samba
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Samba
ID: USN-4559-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Datum: Mi, 30. September 2020, 19:19
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472
Applikationen: Samba

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7022266495041212026==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="BMZnelBb8biAK9N0Azs4op9JGQeDQYAKy"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BMZnelBb8biAK9N0Azs4op9JGQeDQYAKy
Content-Type: multipart/mixed;
boundary="umnTT4a4b3V3y5LVv4cMzAUh9psPZBhXa"

--umnTT4a4b3V3y5LVv4cMzAUh9psPZBhXa
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4559-1
September 30, 2020

samba update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security improvements were added to Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

While a previous security update fixed the issue by changing the "server
schannel" setting to default to "yes", instead of "auto",
which forced a
secure netlogon channel, this update provides additional improvements.

For compatibility reasons with older devices, Samba now allows specifying
an insecure netlogon configuration per machine. See the following link for
examples: https://www.samba.org/samba/security/CVE-2020-1472.html

In addition, this update adds additional server checks for the protocol
attack in the client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results when
running the proof-of-concept exploit.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
samba 2:4.11.6+dfsg-0ubuntu1.5

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.20

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.31

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4559-1
CVE-2020-1472

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.5
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.20
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.31


--umnTT4a4b3V3y5LVv4cMzAUh9psPZBhXa--

--BMZnelBb8biAK9N0Azs4op9JGQeDQYAKy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl90lcgACgkQZWnYVadE
vpNyYw//YVFP4Hb6VgElVufBpE9BrDh9mrXUIvo/LNjmicmVjtlLpF6RGt262Xut
Dj1U2mM+U3xwNKHTHziDltlifefQJ59NWcvGYDhVFplTGGDcg/tgpwaovdxUKC0o
kNEUuE6iZeQc8hc9Vv8C4pwoOSp42wd79FpRmrb0hj+EMUs6weSB/ubeK+SwHT7m
ALUvo10LVWG9VofC+xA0A1oWbHphMhwxF7ikb+mLVaWMMvDir+tkTGVef6+NVCSw
8hfus7d2BwwTuKeN7G57wbR5OUFLSAS+Cq2v/RZyi/WaaZ4UGLixfq+UMPqg5t/d
sJAH+mIN8G8gS77elx6ZPSO+W48K42UwHL0WQGCfFaGCkYHcG1v+OcbeOsVQynga
ltmJokcc4h4eQr+97Ol/egQuKD4AHGeDDSmCzJaaPe+kqe/jVhHzxZjv2r21vdHN
WMuumjmO1QdecJU8/IbdtlFXJH5Rdrf/GMImPloNBEBuLQeAtPjcOOYI9KWzcvOz
W0Myqs3rvDKkU+si/a8hwOa4Kh3YimfdBYUz1mkJEGqt7f21mHhf4rS9qlgZriIM
tpkhKlZ1L1w3O5OJ7KnRf5jN1MYksAu40gF+GlylxS4izD+rOIv2OgybwJ6vTrNr
XCuOER2oyIAc7ZjZ3mskqfwVEOzZz1uiWaamdsZUuK7yMBVMTa4=
=UVS1
-----END PGP SIGNATURE-----

--BMZnelBb8biAK9N0Azs4op9JGQeDQYAKy--


--===============7022266495041212026==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7022266495041212026==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung