1. Forum
  2. Usenet
  3. LINUX.SAMBA.ANNOUNCE

  • [Announce] Samba 4.3.6, 4.2.9, 4.1.23 and 4.4.0rc4 Security Releases Av

    From Karolin Seeger@21:1/5 to All on Tue Mar 8 14:20:04 2016
    XPost: linux.samba

    Release Announcements
    ---------------------

    This is a security release in order to address the following CVEs:

    o CVE-2015-7560 (Incorrect ACL get/set allowed on symlink path)
    o CVE-2016-0771 (Out-of-bounds read in internal DNS server)

    =======
    Details
    =======

    o CVE-2015-7560:
    All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to
    a malicious client overwriting the ownership of ACLs using symlinks.

    An authenticated malicious client can use SMB1 UNIX extensions to
    create a symlink to a file or directory, and then use non-UNIX SMB1
    calls to overwrite the contents of the ACL on the file or directory
    linked to.

    o CVE-2016-0771:
    All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as
    an AD DC and choose to run the internal DNS server, are vulnerable to an
    out-of-bounds read issue during DNS TXT record handling caused by users
    with permission to modify DNS records.

    A malicious client can upload a specially constructed DNS TXT record,
    resulting in a remote denial-of-service attack. As long as the affected
    TXT record remains undisturbed in the Samba database, a targeted DNS
    query may continue to trigger this exploit.

    While unlikely, the out-of-bounds read may bypass safety checks and
    allow leakage of memory from the server in the form of a DNS TXT reply.

    By default only authenticated accounts can upload DNS records,
    as "allow dns updates = secure only" is the default.
    Any other value would allow anonymous clients to trigger this
    bug, which is a much higher risk.


    #######################################
    Reporting bugs & Development Discussion
    #######################################

    Please discuss this release on the samba-technical mailing list or by
    joining the #samba-technical IRC channel on irc.freenode.net.

    If you do report problems then please try to send high quality
    feedback. If you don't provide vital information to help us track down
    the problem then you will probably be ignored. All bug reports should
    be filed under the "Samba 4.1 and newer" product in the project's Bugzilla database (https://bugzilla.samba.org/).


    ======================================================================
    == Our Code, Our Bugs, Our Responsibility.
    == The Samba Team ======================================================================


    ================
    Download Details
    ================

    The uncompressed tarballs and patch files have been signed
    using GnuPG (ID 6568B7EA). The source code can be downloaded
    from:

    https://download.samba.org/pub/samba/stable/
    https://download.samba.org/pub/samba/rc/

    Patches addressing this defect have been posted to

    https://www.samba.org/samba/history/security.html

    The release notes are available online at:

    https://www.samba.org/samba/history/samba-4.3.6.html
    https://www.samba.org/samba/history/samba-4.2.9.html
    https://www.samba.org/samba/history/samba-4.1.23.html
    https://download.samba.org/pub/samba/rc/samba-4.4.0rc4.WHATSNEW.txt

    Our Code, Our Bugs, Our Responsibility.
    (https://bugzilla.samba.org/)

    --Enjoy
    The Samba Team

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iEYEARECAAYFAlbezKwACgkQKGi9fisXk1EDbACg0Dpm/22F1ie8QCmsirTT8QmO JAIAoIx4imyjATHFEBgYp/I5X8386BOy
    =woYF
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)