Mandriva Linux Security Advisory 2015-083 - Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). The updated packages provides a solution for these security issues.
b6781691dfb29aa5e6e3e339abaa996f02a7b1e269ae9c8c690e09e7e8f9ed2a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:083
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba4
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in samba4:
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
4.2rc4, when an Active Directory Domain Controller (AD DC)
is configured, allows remote authenticated users to set the LDB
userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain
privileges, by leveraging delegation of authority for user-account
or computer-account creation (CVE-2014-8143).
An uninitialized pointer use flaw was found in the Samba daemon
(smbd). A malicious Samba client could send specially crafted netlogon
packets that, when processed by smbd, could potentially lead to
arbitrary code execution with the privileges of the user running smbd
(by default, the root user) (CVE-2015-0240).
The updated packages provides a solution for these security issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
https://www.samba.org/samba/history/samba-4.1.15.html
https://www.samba.org/samba/history/samba-4.1.16.html
https://www.samba.org/samba/history/samba-4.1.17.html
https://www.samba.org/samba/security/CVE-2014-8143
https://www.samba.org/samba/security/CVE-2015-0240
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
7a21c3baa011c68360bcaa5a086d0122 mbs2/x86_64/lib64samba41-4.1.17-1.mbs2.x86_64.rpm
e67ad9bd1020e4de0afa2b91c29fc99d mbs2/x86_64/lib64samba4-dc0-4.1.17-1.mbs2.x86_64.rpm
46ed288d10dd123272dd812ae56ec6ee mbs2/x86_64/lib64samba4-devel-4.1.17-1.mbs2.x86_64.rpm
1a4f3437669ca98899dfcdf2e8881870 mbs2/x86_64/lib64samba4-smbclient0-4.1.17-1.mbs2.x86_64.rpm
cea478050042fea1d543c6988dc9e5d3 mbs2/x86_64/lib64samba4-smbclient-devel-4.1.17-1.mbs2.x86_64.rpm
078bdb566527115b87ae84051af53f83 mbs2/x86_64/lib64samba4-test0-4.1.17-1.mbs2.x86_64.rpm
f907110b336f2151532d332a96704444 mbs2/x86_64/lib64samba4-test-devel-4.1.17-1.mbs2.x86_64.rpm
9f02113c351530d89f660c57ad738e0d mbs2/x86_64/lib64samba4-wbclient0-4.1.17-1.mbs2.x86_64.rpm
a4ee31b7ca1c9c10840b5128780c10ae mbs2/x86_64/lib64samba4-wbclient-devel-4.1.17-1.mbs2.x86_64.rpm
361e64104d96f176acb1ea2b7a7dcab3 mbs2/x86_64/python-samba4-4.1.17-1.mbs2.x86_64.rpm
728fe28155e9ea617eb7b3e8c1f81560 mbs2/x86_64/samba4-4.1.17-1.mbs2.x86_64.rpm
f95961c85294f2eb4e67412c333a8600 mbs2/x86_64/samba4-client-4.1.17-1.mbs2.x86_64.rpm
20260736d550aed06b930a80378f1ade mbs2/x86_64/samba4-common-4.1.17-1.mbs2.x86_64.rpm
ba87fe4573774f2b6d39eb244906b8e2 mbs2/x86_64/samba4-dc-4.1.17-1.mbs2.x86_64.rpm
77d4df40799cb8b265bf04e948cb4c09 mbs2/x86_64/samba4-pidl-4.1.17-1.mbs2.noarch.rpm
0473c05efdc448e87195f0162e106ad9 mbs2/x86_64/samba4-test-4.1.17-1.mbs2.x86_64.rpm
0c947489754bd227bb70f4d13e42ac1c mbs2/x86_64/samba4-vfs-glusterfs-4.1.17-1.mbs2.x86_64.rpm
3a6a91b25a097b2aee84dbd05b628fbf mbs2/x86_64/samba4-winbind-4.1.17-1.mbs2.x86_64.rpm
302dd7340f910fac0a6d185ebac1c708 mbs2/x86_64/samba4-winbind-clients-4.1.17-1.mbs2.x86_64.rpm
3954449c55b63201fb6c82e123f42420 mbs2/x86_64/samba4-winbind-krb5-locator-4.1.17-1.mbs2.x86_64.rpm
e30ce619fe04c7005bade1fb2051cdf2 mbs2/x86_64/samba4-winbind-modules-4.1.17-1.mbs2.x86_64.rpm
b7a4a89d736ebde71080926777ebf1bd mbs2/SRPMS/samba4-4.1.17-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFlh+mqjQ0CJFipgRAkoZAKCwlrjIFlckh4Ufxi8VtlnPSDRFnACfYdAB
JPQ7KCtyJGZ0kJGXZggwq7U=
=OGlL
-----END PGP SIGNATURE-----