Univention Bugzilla – Bug 35192
samba: Multiple issues (3.2)
Last modified: 2014-07-14 10:50:11 CEST
CVE-2014-0244: Denial of service (infinite CPU loop) in nmbd. CVE-2014-3493: Denial of service (daemon crash) in the smbd file server daemon (only exploitable by authenticated users)
Can be coupled with other samba updates
CVE-2012-6150 Quoting from https://www.samba.org/samba/history/samba-4.1.3.html:

Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored. Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names. This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.

Comment 1 Moritz Muehlenhoff univentionstaff 2014-05-30 10:55:42 CEST
Information leak in shadow_copy VFS module (CVE-2014-0178)
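The require_membership_of evaluation quoted above for CVE-2012-6150, modelled as an added example (not Samba's or Univention's code): it contrasts the pre-fix fail-open result when every entry is invalid with the intended fail-closed result, and adds a config audit for that precondition. The group table, the comma-separated entry format and the function names are assumptions.

```python
# Added example, not code from Samba or from the Univention bug report.
# Models the winbind "require_membership_of" check described for
# CVE-2012-6150: entries are SIDs or group names, unresolvable names are
# skipped, and the pre-fix code let the login through when every entry
# was invalid. Entry format (comma separated) and the group table are assumptions.

# Constructed directory: group name -> SID. Anything not listed is "invalid".
KNOWN_GROUPS = {
    "EXAMPLE\\Domain Admins": "S-1-5-21-1111-2222-3333-512",
    "EXAMPLE\\VPN Users": "S-1-5-21-1111-2222-3333-1105",
}


def parse_require_membership_of(value):
    """Split the parameter value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def resolve_entry(entry):
    """Return the SID for an entry, or None if it is neither a SID nor a known group."""
    if entry.upper().startswith("S-1-"):
        return entry.upper()
    return KNOWN_GROUPS.get(entry)


def login_allowed(value, user_sids, fixed=True):
    """Evaluate the restriction for a user holding the given SIDs.

    fixed=False reproduces the CVE-2012-6150 fail-open behaviour."""
    entries = parse_require_membership_of(value)
    if not entries:
        return True  # parameter unset: no restriction configured
    required = [sid for sid in (resolve_entry(e) for e in entries) if sid]
    if not required:
        # Every entry was invalid. Vulnerable code treated this like "no
        # restriction"; the intended behaviour is to deny, because a
        # restriction is configured but cannot be satisfied.
        return not fixed
    return any(sid.upper() in required for sid in user_sids)


def audit_require_membership_of(value):
    """Config check for the bug's precondition: report entries that do not resolve."""
    entries = parse_require_membership_of(value)
    invalid = [e for e in entries if resolve_entry(e) is None]
    return {"entries": len(entries), "invalid": invalid,
            "all_invalid": bool(entries) and len(invalid) == len(entries)}
```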
*** Bug 33828 has been marked as a duplicate of this bug. ***
Samba has been rebuilt with the following patches:
99_CVE-2012-6150.patch
99_CVE-2014-0178.patch
99_CVE-2014-0244-CVE-2014-3493.patch
YAML file: 2014-06-17-univention-samba.yaml
(In reply to Moritz Muehlenhoff from comment #4)
> YAML file: 2014-06-17-univention-samba.yaml
Should be 2014-07-02-samba.yaml
OK - patches
OK - YAML
OK - shares access
OK - login
OK - password change via windows
OK - windows join
OK - UCS join
OK - drs replication
OK - winbind
OK - creating users via windows RSAT
http://errata.univention.de/ucs/3.2/148.html