[manjaro-security] [ASA-201803-10] samba: multiple issues

Jelle van der Waa jelle at archlinux.org
Wed Mar 14 16:24:16 CET 2018


Arch Linux Security Advisory ASA-201803-10
==========================================

Severity: Critical
Date    : 2018-03-13
CVE-ID  : CVE-2018-1050 CVE-2018-1057
Package : samba
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-651

Summary
=======

The package samba before version 4.7.6-1 is vulnerable to multiple
issues including access restriction bypass and denial of service.

Resolution
==========

Upgrade to 4.7.6-1.

# pacman -Syu "samba>=4.7.6-1"

The problems have been fixed upstream in version 4.7.6.

Workaround
==========

- CVE-2018-1050

Ensure the parameter:

rpc_server:spoolss = external

is not set in the [global] section of your smb.conf.

- CVE-2018-1057

Revoke the change passwords right for 'the world' from all user objects
(including computers) in the directory, leaving only the right to
change a user's own password.
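
The CVE-2018-1050 workaround above can be checked mechanically. The following is an added example, not part of the original advisory or of Samba: a small smb.conf reader that reports whether `rpc_server:spoolss = external` is effectively set in [global]. The sample configurations, the function names, and the default path /etc/samba/smb.conf are assumptions, and `include` directives are not followed.

```python
import re
import sys

# Constructed sample configurations (not taken from the advisory).
VULNERABLE_SAMPLE = "[global]\n  workgroup = EXAMPLE\n  RPC_Server : Spoolss = External\n"
SAFE_SAMPLE = ("[global]\n  ; rpc_server:spoolss = external\n"
               "  rpc_server:spoolss = embedded\n"
               "[printers]\n  rpc_server:spoolss = external\n")

def _norm(name):
    # Deliberately loose match: ignore case and all whitespace in names,
    # so near-variants of the parameter are flagged rather than missed.
    return re.sub(r"\s+", "", name).lower()

def global_param(conf_text, wanted):
    """Return the effective value of `wanted` in [global], or None if unset."""
    wanted = _norm(wanted)
    section, value, pending = None, None, ""
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue  # blank line or comment
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):  # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if _norm(key) == wanted:
                value = val.strip()  # a later assignment overrides an earlier one
    return value

def spoolss_workaround_applied(conf_text):
    """True when [global] does not set rpc_server:spoolss to external."""
    value = global_param(conf_text, "rpc_server:spoolss")
    return value is None or value.lower() != "external"

if __name__ == "__main__":
    # Assumed default path; pass another file as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/samba/smb.conf"
    with open(path, encoding="utf-8", errors="replace") as fh:
        ok = spoolss_workaround_applied(fh.read())
    print(f"{path}: " + ("workaround in place" if ok else "rpc_server:spoolss = external is set in [global]"))
    sys.exit(0 if ok else 1)
```

The script exits non-zero when the setting is present, so it can gate a configuration-management run until the upgrade to 4.7.6-1 is deployed.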

Description
===========

- CVE-2018-1050 (denial of service)

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of
service attack when the RPC spoolss service is configured to be run as
an external daemon. Missing input sanitization checks on some of the
input parameters to spoolss RPC calls could cause the print spooler
service to crash.

- CVE-2018-1057 (access restriction bypass)

On a Samba 4 AD DC any authenticated user can change other users'
passwords over LDAP, including the passwords of administrative users
and service accounts.

Impact
======

A remote attacker is able to change other users' passwords on a Samba 4
AD DC or perform a denial of service attack by sending a specially
crafted request to the spoolss service.

References
==========

https://lists.samba.org/archive/samba-announce/2018/000435.html
https://www.samba.org/samba/security/CVE-2018-1050.html
https://github.com/samba-team/samba/commit/c41895be8222199ffe69749e32afc9946517f63f
https://www.samba.org/samba/security/CVE-2018-1057.html
https://wiki.samba.org/index.php/CVE-2018-1057
https://github.com/samba-team/samba/commit/50e7788603b97104fe116a07ab14a1d1148f4405
https://github.com/samba-team/samba/commit/c80456855197f9fe9ef497a7fc94504c28445343
https://github.com/samba-team/samba/commit/ab7dc210e9aedc1222055822ff296e4a67cfb27b
https://github.com/samba-team/samba/commit/407a34c73fcd666c22776bbc4aa56d02c0683463
https://github.com/samba-team/samba/commit/3e6621fe58014f19477633b1c0b54288550f0e87
https://github.com/samba-team/samba/commit/9dd7dd9ebba8d449feea66695fab3cbbb22d00e8
https://github.com/samba-team/samba/commit/766ab4c52b06532f2dd8801ccf5d4aadf07a098e
https://github.com/samba-team/samba/commit/0e15ce12e1e9733f1e8eb13e77cbcdd0aea29f29
https://github.com/samba-team/samba/commit/39e689aa703536330083bfc4d58d15a2521e0f95
https://github.com/samba-team/samba/commit/2fea9ee701fed0417d8f681238663b7b00c451f8
https://github.com/samba-team/samba/commit/c653e51a3d991e0e08327186881b324b85106f0d
https://github.com/samba-team/samba/commit/b23bf04caeb196da9515addbcdf17db0723ee553
https://github.com/samba-team/samba/commit/fbd16473ecf073f86e36f9e29a80151272661dce
https://security.archlinux.org/CVE-2018-1050
https://security.archlinux.org/CVE-2018-1057