Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0020-1

Опубликовано: 04 янв. 2017
Источник: suse-cvrf

Описание

Security update for samba

This update for samba fixes the following issues:

Security issues fixed:

  • CVE-2016-2125: Don't send delegated credentials to all servers. (bsc#1014441).
  • CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. (bsc#1014442).
  • CVE-2016-2123: Heap-based Buffer Overflow Remote Code Execution Vulnerability. (bsc#1014437). The component affected is not built in our packages.

Non security issues fixed:

  • s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085)
  • Add doc changes for net ads --no-dns-updates switch; (bsc#991564)
  • Include vfstest in samba-test; (bsc#1001203).
  • s3/winbindd: using default domain with user@domain.com format fails (bsc#997833).
  • Fix illegal memory access after memory has been deleted (bsc#975299).
  • Fix bug in tevent poll backend causing winbind to loop tightly (bsc#994500).
  • Various fixes for spnego/ntlm (bsc#986675). This update was imported from the SUSE:SLE-12-SP1:Update update project.

Список пакетов

openSUSE Leap 42.1
ctdb-4.2.4-24.1
ctdb-devel-4.2.4-24.1
ctdb-tests-4.2.4-24.1
libdcerpc-atsvc-devel-4.2.4-24.1
libdcerpc-atsvc0-4.2.4-24.1
libdcerpc-atsvc0-32bit-4.2.4-24.1
libdcerpc-binding0-4.2.4-24.1
libdcerpc-binding0-32bit-4.2.4-24.1
libdcerpc-devel-4.2.4-24.1
libdcerpc-samr-devel-4.2.4-24.1
libdcerpc-samr0-4.2.4-24.1
libdcerpc-samr0-32bit-4.2.4-24.1
libdcerpc0-4.2.4-24.1
libdcerpc0-32bit-4.2.4-24.1
libgensec-devel-4.2.4-24.1
libgensec0-4.2.4-24.1
libgensec0-32bit-4.2.4-24.1
libndr-devel-4.2.4-24.1
libndr-krb5pac-devel-4.2.4-24.1
libndr-krb5pac0-4.2.4-24.1
libndr-krb5pac0-32bit-4.2.4-24.1
libndr-nbt-devel-4.2.4-24.1
libndr-nbt0-4.2.4-24.1
libndr-nbt0-32bit-4.2.4-24.1
libndr-standard-devel-4.2.4-24.1
libndr-standard0-4.2.4-24.1
libndr-standard0-32bit-4.2.4-24.1
libndr0-4.2.4-24.1
libndr0-32bit-4.2.4-24.1
libnetapi-devel-4.2.4-24.1
libnetapi0-4.2.4-24.1
libnetapi0-32bit-4.2.4-24.1
libregistry-devel-4.2.4-24.1
libregistry0-4.2.4-24.1
libregistry0-32bit-4.2.4-24.1
libsamba-credentials-devel-4.2.4-24.1
libsamba-credentials0-4.2.4-24.1
libsamba-credentials0-32bit-4.2.4-24.1
libsamba-hostconfig-devel-4.2.4-24.1
libsamba-hostconfig0-4.2.4-24.1
libsamba-hostconfig0-32bit-4.2.4-24.1
libsamba-passdb-devel-4.2.4-24.1
libsamba-passdb0-4.2.4-24.1
libsamba-passdb0-32bit-4.2.4-24.1
libsamba-policy-devel-4.2.4-24.1
libsamba-policy0-4.2.4-24.1
libsamba-policy0-32bit-4.2.4-24.1
libsamba-util-devel-4.2.4-24.1
libsamba-util0-4.2.4-24.1
libsamba-util0-32bit-4.2.4-24.1
libsamdb-devel-4.2.4-24.1
libsamdb0-4.2.4-24.1
libsamdb0-32bit-4.2.4-24.1
libsmbclient-devel-4.2.4-24.1
libsmbclient-raw-devel-4.2.4-24.1
libsmbclient-raw0-4.2.4-24.1
libsmbclient-raw0-32bit-4.2.4-24.1
libsmbclient0-4.2.4-24.1
libsmbclient0-32bit-4.2.4-24.1
libsmbconf-devel-4.2.4-24.1
libsmbconf0-4.2.4-24.1
libsmbconf0-32bit-4.2.4-24.1
libsmbldap-devel-4.2.4-24.1
libsmbldap0-4.2.4-24.1
libsmbldap0-32bit-4.2.4-24.1
libtevent-util-devel-4.2.4-24.1
libtevent-util0-4.2.4-24.1
libtevent-util0-32bit-4.2.4-24.1
libwbclient-devel-4.2.4-24.1
libwbclient0-4.2.4-24.1
libwbclient0-32bit-4.2.4-24.1
samba-4.2.4-24.1
samba-32bit-4.2.4-24.1
samba-client-4.2.4-24.1
samba-client-32bit-4.2.4-24.1
samba-core-devel-4.2.4-24.1
samba-doc-4.2.4-24.1
samba-libs-4.2.4-24.1
samba-libs-32bit-4.2.4-24.1
samba-pidl-4.2.4-24.1
samba-python-4.2.4-24.1
samba-test-4.2.4-24.1
samba-test-devel-4.2.4-24.1
samba-winbind-4.2.4-24.1
samba-winbind-32bit-4.2.4-24.1

Ссылки

Описание

A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.

Затронутые продукты
openSUSE Leap 42.1:ctdb-4.2.4-24.1
openSUSE Leap 42.1:ctdb-devel-4.2.4-24.1
openSUSE Leap 42.1:ctdb-tests-4.2.4-24.1
openSUSE Leap 42.1:libdcerpc-atsvc-devel-4.2.4-24.1
Ссылки

Описание

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

Затронутые продукты
openSUSE Leap 42.1:ctdb-4.2.4-24.1
openSUSE Leap 42.1:ctdb-devel-4.2.4-24.1
openSUSE Leap 42.1:ctdb-tests-4.2.4-24.1
openSUSE Leap 42.1:libdcerpc-atsvc-devel-4.2.4-24.1
Ссылки

Описание

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Затронутые продукты
openSUSE Leap 42.1:ctdb-4.2.4-24.1
openSUSE Leap 42.1:ctdb-devel-4.2.4-24.1
openSUSE Leap 42.1:ctdb-tests-4.2.4-24.1
openSUSE Leap 42.1:libdcerpc-atsvc-devel-4.2.4-24.1
Ссылки