Mandriva Linux Security Advisory 2015-082 - In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS ame service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).
a746da07e0936d2f90ff3113f5c91d8a56d359101e9fd3c4b400291184eac8c7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:082
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated samba packages fix security vulnerabilities:
In Samba before 3.6.23, the SAMR server neglects to ensure that
attempted password changes will update the bad password count, and does
not set the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2 repeatedly.
This is available without any other authentication (CVE-2013-4496).
Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).
Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable
to a denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS ame service (CVE-2014-0244).
Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected
by a denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).
An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
http://advisories.mageia.org/MGASA-2014-0138.html
http://advisories.mageia.org/MGASA-2014-0279.html
http://advisories.mageia.org/MGASA-2015-0084.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
d5eebcafd60491a0234a65d554fe8215 mbs2/x86_64/lib64netapi0-3.6.25-1.mbs2.x86_64.rpm
00e4940a6c0d55c938244e089d435040 mbs2/x86_64/lib64netapi-devel-3.6.25-1.mbs2.x86_64.rpm
a8d521d5ff42f668b2701e5930f47e82 mbs2/x86_64/lib64smbclient0-3.6.25-1.mbs2.x86_64.rpm
fb75164165fce2046f92160cfaf1a05b mbs2/x86_64/lib64smbclient0-devel-3.6.25-1.mbs2.x86_64.rpm
d18bb1a8d87c85a525dc604b09790aae mbs2/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs2.x86_64.rpm
186cef9f46545399665b85f43fbed408 mbs2/x86_64/lib64smbsharemodes0-3.6.25-1.mbs2.x86_64.rpm
952887304f08621ae17d2a80f5bff8f0 mbs2/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs2.x86_64.rpm
fd1b2a84abeddad8d700fd2f03044b9c mbs2/x86_64/lib64wbclient0-3.6.25-1.mbs2.x86_64.rpm
22141daaf825543f94ac3d717c7fc546 mbs2/x86_64/lib64wbclient-devel-3.6.25-1.mbs2.x86_64.rpm
83167c8ea7e8fafee55988ad3bbf0cbe mbs2/x86_64/nss_wins-3.6.25-1.mbs2.x86_64.rpm
d02c7826925091daf21f612a491f3d10 mbs2/x86_64/samba-client-3.6.25-1.mbs2.x86_64.rpm
747f22b55716d64c3f8c68dc4f644f4a mbs2/x86_64/samba-common-3.6.25-1.mbs2.x86_64.rpm
7b4bb64285d633bcf7ee027c74112316 mbs2/x86_64/samba-doc-3.6.25-1.mbs2.noarch.rpm
ae8b375a7415d5f18654a5771639cb73 mbs2/x86_64/samba-domainjoin-gui-3.6.25-1.mbs2.x86_64.rpm
5e93bbf392bb83baa9a6eff2fd4975ed mbs2/x86_64/samba-server-3.6.25-1.mbs2.x86_64.rpm
4cf2f7bbebc7d62840514ae984c6c6ba mbs2/x86_64/samba-swat-3.6.25-1.mbs2.x86_64.rpm
34c333a6ddc9c59fe446cddf67120fac mbs2/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs2.x86_64.rpm
a126f6022cd26bc032282cab61dc097b mbs2/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs2.x86_64.rpm
a5d673260f527fd58519dbcd62950b84 mbs2/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs2.x86_64.rpm
49592172e00aee408edcccc73b3cde65 mbs2/x86_64/samba-winbind-3.6.25-1.mbs2.x86_64.rpm
546147333706f85b79bc5a7390c9899f mbs2/SRPMS/samba-3.6.25-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFlU3mqjQ0CJFipgRAorMAJ4wSA7ksJ9nMr3mhnow+9+M0qg8fQCfech+
Q9OQhX7dd+rb3g6WzLJErO4=
=5rd1
-----END PGP SIGNATURE-----