First Last Prev Next    This bug is not in your last search results.
Bug 54016 - samba: Multiple issues (4.4)
samba: Multiple issues (4.4)
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on: 54015
Blocks:
  Show dependency treegraph
 
Reported: 2021-11-01 14:23 CET by Arvid Requate
Modified: 2022-01-24 10:52 CET (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.9 (CVSS:7.4/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C/CR:M/IR:M/AR:X/MAV:N/MAC:H/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:N)

Attachments
ucs44-CVE-2021-43566-draft.patch (4.23 KB, patch)
2022-01-09 16:57 CET, Arvid Requate 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2021-11-01 14:23:55 CET 
Check backport to 4.4-8

+++ This bug was initially created as a clone of Bug #54015 +++

Security update scheduled for January 10th 2022.

* https://bugzilla.samba.org/show_bug.cgi?id=13979
* https://bugzilla.samba.org/show_bug.cgi?id=14842
Comment 1 Arvid Requate univentionstaff 2022-01-09 16:57:39 CET 
Created attachment 10898 [details]
ucs44-CVE-2021-43566-draft.patch

The general mitigation is

* ucr set samba/min/protocol=SMB2_02; /etc/init.d/samba restart
* Don't export a samba share also via smb
* Don't allow user access to share directories on server side

The latter is already standard of UCS/Samba AD DCs


For CVE-2021-20316 the upstream (4.15) changes are too invasive to backport.
For CVE-2021-43566 there is a patch that applies to 4.13,
but the code was different in 4.10. The attached draft is an absolutely untested
backport of the upstream (4.13) patch
 0001-s3-smbd-Fix-mkdir-race-condition-allows-share-escape.patch
Comment 2 Erik Damrose univentionstaff 2022-01-10 09:23:36 CET 
(In reply to Arvid Requate from comment #1)
> * Don't export a samba share also via smb

The typo is rather significant, it should be
Don't export a samba share also via _NFS_
Comment 3 Arvid Requate univentionstaff 2022-01-10 18:43:32 CET 
We have published a security recommendation here:

https://help.univention.com/t/recommendation-for-samba-security-issues-cve-2021-43566-and-cve-2021-20316/19188
First Last Prev Next    This bug is not in your last search results.