Bug 37731 - samba: Security issue (3.2)
samba: Security issue (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 3.2-4-errata
Assigned To: Moritz Muehlenhoff
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-09 14:33 CET by Moritz Muehlenhoff
Modified: 2015-02-23 16:36 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
YAML (396 bytes, application/x-yaml)
2015-02-19 07:55 CET, Moritz Muehlenhoff
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2015-02-09 14:33:37 CET

    
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-09 14:40:47 CET
CVE-2015-0240

A malicious client could send packets that may set up the stack in
such a way that the freeing of memory in a subsequent anonymous
netlogon packet could allow execution of arbitrary code. This code
would execute with root privileges.
Comment 2 Moritz Muehlenhoff univentionstaff 2015-02-19 07:55:27 CET
Created attachment 6699 [details]
YAML
Comment 3 Moritz Muehlenhoff univentionstaff 2015-02-19 11:03:04 CET
An updated package has been built. The YAML is attached (it cannot be commited until hthe embargo has passed). ucs-test-samba* was successful.
Comment 4 Moritz Muehlenhoff univentionstaff 2015-02-23 12:42:56 CET
Now public:
https://www.samba.org/samba/security/CVE-2015-0240
Comment 5 Arvid Requate univentionstaff 2015-02-23 15:50:44 CET
Verified:

* Package has been rebuilt with upstream patch
* Installation, join, kinit+smb and ucs-test, win7 client join, ddns update, user login, password change (amd64)
* Advisory
Comment 6 Janek Walkenhorst univentionstaff 2015-02-23 16:36:35 CET
<http://errata.univention.de/ucs/3.2/291.html>