Bug 35192

Summary: samba: Multiple issues (3.2)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Moritz Muehlenhoff <jmm>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: gohmann, requate
Version: UCS 3.2   
Target Milestone: UCS 3.2-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2014-06-24 19:34:30 CEST 
CVE-2014-0244: Denial of service (infinite CPU loop) in nmbd.
CVE-2014-3493: Denial of service (daemon crash) in the smbd file server daemon (only exploitable by authenticated users)
Comment 1 Moritz Muehlenhoff univentionstaff 2014-06-24 19:34:56 CEST 
Can be coupled with other samba updates
Comment 2 Moritz Muehlenhoff univentionstaff 2014-06-27 09:31:58 CEST 
CVE-2012-6150

Quoting from https://www.samba.org/samba/history/samba-4.1.3.html:

   Winbind allows for the further restriction of authenticated PAM logins using
   the require_membership_of parameter. System administrators may specify a list
   of SIDs or groups for which an authenticated user must be a member of. If an
   authenticated user does not belong to any of the entries, then login should
   fail. Invalid group name entries are ignored.

   Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from
   authenticated users if the require_membership_of parameter specifies only
   invalid group names.

   This is a vulnerability with low impact. All require_membership_of group
   names must be invalid for this bug to be encountered.

[reply] [−] Comment 1 Moritz Muehlenhoff univentionstaff 2014-05-30 10:55:42 CEST

Information leak in shadow_copy VFS module (CVE-2014-0178)
Comment 3 Moritz Muehlenhoff univentionstaff 2014-06-27 09:32:10 CEST 
*** Bug 33828 has been marked as a duplicate of this bug. ***
Comment 4 Moritz Muehlenhoff univentionstaff 2014-06-30 08:36:07 CEST 
Samba has been rebuilt with the following patches:
99_CVE-2012-6150.patch
99_CVE-2014-0178.patch
99_CVE-2014-0244-CVE-2014-3493.patch

YAML file: 2014-06-17-univention-samba.yaml
Comment 5 Moritz Muehlenhoff univentionstaff 2014-07-02 11:08:50 CEST 
(In reply to Moritz Muehlenhoff from comment #4)

> YAML file: 2014-06-17-univention-samba.yaml

Should be 2014-07-02-samba.yaml
Comment 6 Felix Botner univentionstaff 2014-07-10 14:37:46 CEST 
OK - patches
OK - YAML

OK - shares access
OK - login
OK - password change via windows
OK - windows join
OK - UCS join
OK - drs replication
OK - winbind
OK - creating users via windows RSAT
Comment 7 Moritz Muehlenhoff univentionstaff 2014-07-14 10:50:11 CEST 
http://errata.univention.de/ucs/3.2/148.html