A new update of the Samba software package has been released, fixing several security flaws. A remote attacker can exploit them to gain elevated privileges, take control of the system, carry out DoS and XSS attacks, and disclose sensitive data.
Package: | Samba 3.x |
Operating systems: | Fedora 15, Fedora 16, Fedora 17 |
Severity: | 8.7 |
Problem: | CSRF, improper memory handling, improper privilege handling, error in a software component, XSS |
Exploitation: | remote |
Impact: | privilege escalation, disclosure of sensitive information, taking full control of the system, arbitrary code execution, HTML and script code injection, denial of service (DoS) |
Solution: | vendor software patch |
CVE: | CVE-2012-1182, CVE-2012-2111, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817 |
Original advisory ID: | FEDORA-2012-6349 |
Source: | Fedora |
Problem: | |
The security problems stem from a flawed implementation of the "RPC code generator" component, multiple CSRF vulnerabilities, an XSS vulnerability in the "chg_passwd" function, incorrect privilege assignment in "LSA RPC" procedures, etc. |
|
Impact: | |
A remote attacker can exploit these flaws for arbitrary code execution, HTML and script code injection, DoS (Denial of Service) attacks, disclosure of sensitive data, privilege escalation, and taking control of the system. |
|
Solution: | |
All users are advised to upgrade to the newer versions.
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6349
2012-04-22 02:43:01
--------------------------------------------------------------------------------
Name : samba4
Product : Fedora 15
Version : 4.0.0
Release : 26.alpha11.fc15.6
URL : http://www.samba.org/
Summary : The Samba4 CIFS and AD client and server suite
Description :
Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
--------------------------------------------------------------------------------
Update Information:
This update fixes CVE-2012-1182.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 19 2012 Andreas Schneider - 4.0.0-26.alpha11.6
- Fixes CVE-2012-1182.
* Mon Aug 29 2011 Stephen Gallagher - 4.0.0-25.alpha11.5
- Rebuild against fixed libtalloc version
* Mon Aug 29 2011 Stephen Gallagher - 4.0.0-25.alpha11.4
- Rebuild against fixed libtevent version
* Wed Feb 9 2011 Fedora Release Engineering - 4.0.0-25.alpha11.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update samba4' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6999
2012-05-01 00:21:15
--------------------------------------------------------------------------------
Name : samba
Product : Fedora 15
Version : 3.5.15
Release : 74.fc15.1
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
--------------------------------------------------------------------------------
Update Information:
Security Release, fixes CVE-2012-2111
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 30 2012 Guenther Deschner - 3.5.15-74
- Security Release, fixes CVE-2012-2111
- resolves: #817551
* Thu Apr 12 2012 Jon Ciesla - 3.5.14-73
- Update to 3.5.14, CVE-2012-1182.
* Thu Nov 3 2011 Andreas Schneider - 3.5.11-72
- Update to 3.5.12
* Thu Aug 4 2011 Guenther Deschner - 3.5.11-71
- Update to 3.5.11
- resolves: #713648
* Tue Aug 2 2011 Guenther Deschner - 3.5.10-70
- Security update to 3.5.10, fixes CVE-2011-2522 and CVE-2011-2694
- resolves: #725890
* Tue Jun 14 2011 Guenther Deschner - 3.5.9-69
- Update to 3.5.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #817551 - CVE-2012-2111 samba: Incorrect permission checks when
granting/removing privileges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=817551
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7006
2012-05-01 00:21:34
--------------------------------------------------------------------------------
Name : samba
Product : Fedora 16
Version : 3.6.5
Release : 85.fc16
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
--------------------------------------------------------------------------------
Update Information:
Security Release, fixes CVE-2012-2111
Fix dependency on (private) libkrb5 symbol.
This fixes smbd and nmbd startup issues.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 30 2012 Guenther Deschner - 1:3.6.5-85
- Security Release, fixes CVE-2012-2111
- resolves: #XXXXX
* Mon Apr 23 2012 Andreas Schneider - 1:3.6.4-84
- Fix creation of /var/run/samba.
- resolves: #751625
* Fri Apr 20 2012 Guenther Deschner - 1:3.6.4-83
- Avoid private krb5_locate_kdc usage
- resolves: #754783
* Thu Apr 12 2012 Jon Ciesla - 1:3.6.4-82
- Update to 3.6.4
- Fixes CVE-2012-1182
* Mon Mar 19 2012 Andreas Schneider - 1:3.6.3-81
- Fix provides for of libwclient-devel for samba-winbind-devel.
* Thu Feb 23 2012 Andreas Schneider - 1:3.6.3-80
- Add commented out 'max protocol' to the default config.
* Mon Feb 13 2012 Andreas Schneider - 1:3.6.3-79
- Create a libwbclient package.
- Replace winbind-devel with libwbclient-devel package.
* Mon Jan 30 2012 Andreas Schneider - 1:3.6.3-78
- Update to 3.6.3
- Fixes CVE-2012-0817
* Sat Jan 14 2012 Fedora Release Engineering - 1:3.6.1-77.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Dec 5 2011 Andreas Schneider - 1:3.6.1-77
- Fix winbind cache upgrade.
- resolves: #760137
* Fri Nov 18 2011 Andreas Schneider - 1:3.6.1-76
- Fix piddir to match with systemd files.
- Fix crash bug in the debug system.
- resolves: #754525
* Fri Nov 4 2011 Andreas Schneider - 1:3.6.1-75
- Fix systemd dependencies
- resolves: #751397
* Wed Oct 26 2011 Andreas Schneider - 1:3.6.1-74
- Update to 3.6.1
* Tue Oct 4 2011 Guenther Deschner - 1:3.6.0-73
- Fix nmbd startup
- resolves: #741630
* Tue Sep 20 2011 Tom Callaway - 1:3.6.0-72
- convert to systemd
- restore epoch from f15
* Sat Aug 13 2011 Guenther Deschner - 3.6.0-71
- Update to 3.6.0 final
* Sun Jul 31 2011 Guenther Deschner - 3.6.0rc3-70
- Update to 3.6.0rc3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #817551 - CVE-2012-2111 samba: Incorrect permission checks when
granting/removing privileges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=817551
[ 2 ] Bug #754783 - samba's use of (private) krb5_locate_kdc() broken by
krb5-1.10
https://bugzilla.redhat.com/show_bug.cgi?id=754783
[ 3 ] Bug #751625 - Samba does not work
https://bugzilla.redhat.com/show_bug.cgi?id=751625
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6981
2012-04-30 18:44:15
--------------------------------------------------------------------------------
Name : samba
Product : Fedora 17
Version : 3.6.5
Release : 85.fc17.1
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB/CIFS server that can be used to
provide network services to SMB/CIFS clients.
Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
--------------------------------------------------------------------------------
Update Information:
Security Release, fixes CVE-2012-2111
This fixes smbd and nmbd startup issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #817551 - CVE-2012-2111 samba: Incorrect permission checks when
granting/removing privileges [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=817551
[ 2 ] Bug #751625 - Samba does not work
https://bugzilla.redhat.com/show_bug.cgi?id=751625
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update samba' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------