exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2015-082

Mandriva Linux Security Advisory 2015-082
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-082 - In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS ame service. Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user).

tags | advisory, denial of service, arbitrary, root, code execution
systems | linux, mandriva
advisories | CVE-2013-4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2015-0240
SHA-256 | a746da07e0936d2f90ff3113f5c91d8a56d359101e9fd3c4b400291184eac8c7

Mandriva Linux Security Advisory 2015-082

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:082
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : samba
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________

Problem Description:

Updated samba packages fix security vulnerabilities:

In Samba before 3.6.23, the SAMR server neglects to ensure that
attempted password changes will update the bad password count, and does
not set the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2 repeatedly.
This is available without any other authentication (CVE-2013-4496).

Information leak vulnerability in the VFS code, allowing an
authenticated user to retrieve eight bytes of uninitialized memory
when shadow copy is enabled (CVE-2014-0178).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable
to a denial of service on the nmbd NetBIOS name services daemon. A
malformed packet can cause the nmbd server to loop the CPU and prevent
any further NetBIOS ame service (CVE-2014-0244).

Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected
by a denial of service crash involving overwriting memory on an
authenticated connection to the smbd file server (CVE-2014-3493).

An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
http://advisories.mageia.org/MGASA-2014-0138.html
http://advisories.mageia.org/MGASA-2014-0279.html
http://advisories.mageia.org/MGASA-2015-0084.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 2/X86_64:
d5eebcafd60491a0234a65d554fe8215 mbs2/x86_64/lib64netapi0-3.6.25-1.mbs2.x86_64.rpm
00e4940a6c0d55c938244e089d435040 mbs2/x86_64/lib64netapi-devel-3.6.25-1.mbs2.x86_64.rpm
a8d521d5ff42f668b2701e5930f47e82 mbs2/x86_64/lib64smbclient0-3.6.25-1.mbs2.x86_64.rpm
fb75164165fce2046f92160cfaf1a05b mbs2/x86_64/lib64smbclient0-devel-3.6.25-1.mbs2.x86_64.rpm
d18bb1a8d87c85a525dc604b09790aae mbs2/x86_64/lib64smbclient0-static-devel-3.6.25-1.mbs2.x86_64.rpm
186cef9f46545399665b85f43fbed408 mbs2/x86_64/lib64smbsharemodes0-3.6.25-1.mbs2.x86_64.rpm
952887304f08621ae17d2a80f5bff8f0 mbs2/x86_64/lib64smbsharemodes-devel-3.6.25-1.mbs2.x86_64.rpm
fd1b2a84abeddad8d700fd2f03044b9c mbs2/x86_64/lib64wbclient0-3.6.25-1.mbs2.x86_64.rpm
22141daaf825543f94ac3d717c7fc546 mbs2/x86_64/lib64wbclient-devel-3.6.25-1.mbs2.x86_64.rpm
83167c8ea7e8fafee55988ad3bbf0cbe mbs2/x86_64/nss_wins-3.6.25-1.mbs2.x86_64.rpm
d02c7826925091daf21f612a491f3d10 mbs2/x86_64/samba-client-3.6.25-1.mbs2.x86_64.rpm
747f22b55716d64c3f8c68dc4f644f4a mbs2/x86_64/samba-common-3.6.25-1.mbs2.x86_64.rpm
7b4bb64285d633bcf7ee027c74112316 mbs2/x86_64/samba-doc-3.6.25-1.mbs2.noarch.rpm
ae8b375a7415d5f18654a5771639cb73 mbs2/x86_64/samba-domainjoin-gui-3.6.25-1.mbs2.x86_64.rpm
5e93bbf392bb83baa9a6eff2fd4975ed mbs2/x86_64/samba-server-3.6.25-1.mbs2.x86_64.rpm
4cf2f7bbebc7d62840514ae984c6c6ba mbs2/x86_64/samba-swat-3.6.25-1.mbs2.x86_64.rpm
34c333a6ddc9c59fe446cddf67120fac mbs2/x86_64/samba-virusfilter-clamav-3.6.25-1.mbs2.x86_64.rpm
a126f6022cd26bc032282cab61dc097b mbs2/x86_64/samba-virusfilter-fsecure-3.6.25-1.mbs2.x86_64.rpm
a5d673260f527fd58519dbcd62950b84 mbs2/x86_64/samba-virusfilter-sophos-3.6.25-1.mbs2.x86_64.rpm
49592172e00aee408edcccc73b3cde65 mbs2/x86_64/samba-winbind-3.6.25-1.mbs2.x86_64.rpm
546147333706f85b79bc5a7390c9899f mbs2/SRPMS/samba-3.6.25-1.mbs2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFlU3mqjQ0CJFipgRAorMAJ4wSA7ksJ9nMr3mhnow+9+M0qg8fQCfech+
Q9OQhX7dd+rb3g6WzLJErO4=
=5rd1
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close