Bug 37736 - samba: Security issue (ES 2.4)
samba: Security issue (ES 2.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 2.4-ES
Assigned To: Moritz Muehlenhoff
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-09 14:48 CET by Moritz Muehlenhoff
Modified: 2015-03-25 10:16 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-02-09 14:48:17 CET

    
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-09 14:48:27 CET
CVE-2015-0240

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
Comment 2 Arvid Requate univentionstaff 2015-02-16 16:06:50 CET
For pre 3.5.13 we should additionally cherry pick https://git.samba.org/?p=samba.git;a=commitdiff;h=914f88b1edc3a9964553f781c8b11d4cc0e7c67f
Comment 3 Moritz Muehlenhoff univentionstaff 2015-02-23 12:43:10 CET
Now public:
https://www.samba.org/samba/security/CVE-2015-0240
Comment 4 Moritz Muehlenhoff univentionstaff 2015-02-24 14:00:51 CET
The patch has been integrated and the package rebuilt. Tests with Win7 (domain join and domain logon) went fine.
Comment 5 Arvid Requate univentionstaff 2015-02-25 17:19:47 CET
Verified:

* Patch identical to upstream:

samba/2.4-0-0-ucs/2:3.5.11~dfsg-1-extsec2.4/98_CVE-2015-0240.patch

* Package built in extsec2.4 with upstream patch
* Package update (master, backup, member)
* Windows7 Client join, user logon, PW-Change, Re-logon, UCS DC Backup rejoin, UCS Memberserver rejoin, memberserver home share writable by user
Comment 6 Moritz Muehlenhoff univentionstaff 2015-03-25 10:16:35 CET
This has been announced as part of the extended 2.4 security support.