Описание
Security update for Samba
This update fixes the following security issues with Samba:
And fixes the following non-security issues:
Security Issue references:
Список пакетов
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP2
Ссылки
- Link for SUSE-SU-2015:0386-1
- E-Mail link for SUSE-SU-2015:0386-1
- SUSE Security Ratings
- SUSE Bug 437293
- SUSE Bug 726937
- SUSE Bug 765270
- SUSE Bug 769957
- SUSE Bug 770056
- SUSE Bug 770262
- SUSE Bug 771516
- SUSE Bug 779269
- SUSE Bug 783384
- SUSE Bug 783719
- SUSE Bug 786350
- SUSE Bug 786677
- SUSE Bug 787983
- SUSE Bug 788159
- SUSE Bug 790741
- SUSE Bug 791183
- SUSE Bug 792294
Описание
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Затронутые продукты
Ссылки
- CVE-2012-6150
- SUSE Bug 844720
- SUSE Bug 853347
Описание
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
Затронутые продукты
Ссылки
- CVE-2013-0213
- SUSE Bug 799641
- SUSE Bug 800982
- SUSE Bug 880220
Описание
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Затронутые продукты
Ссылки
- CVE-2013-0214
- SUSE Bug 799641
- SUSE Bug 880220
Описание
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Затронутые продукты
Ссылки
- CVE-2013-4124
- SUSE Bug 829969
Описание
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
Затронутые продукты
Ссылки
- CVE-2013-4408
- SUSE Bug 844720
- SUSE Bug 848101
- SUSE Bug 882906
Описание
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Затронутые продукты
Ссылки
- CVE-2013-4475
- SUSE Bug 848101
- SUSE Bug 880220
Описание
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
Затронутые продукты
Ссылки
- CVE-2013-4496
- SUSE Bug 849224
- SUSE Bug 866844
Описание
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
Затронутые продукты
Ссылки
- CVE-2014-0178
- SUSE Bug 872396
Описание
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
Затронутые продукты
Ссылки
- CVE-2014-0244
- SUSE Bug 880962
- SUSE Bug 883758
Описание
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
Затронутые продукты
Ссылки
- CVE-2014-3493
- SUSE Bug 878642
- SUSE Bug 880962
- SUSE Bug 883758
Описание
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
Затронутые продукты
Ссылки
- CVE-2015-0240
- SUSE Bug 917376