Mandriva Linux Security Advisory 2013-299 - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. The updated packages has been upgraded to the 3.6.22 version which resolves various upstream bugs and is not vulnerable to these issues.
616e78bf48894f3bc5d18232a8b44d069f6ab91be39e3eb85bbad5e45a00df87
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:299
https://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : samba
Date : December 22, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been discovered and corrected in samba:
The winbind_name_list_to_sid_string_list function in
nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid
require_membership_of group names by accepting authentication by
any user, which allows remote authenticated users to bypass intended
access restrictions in opportunistic circumstances by leveraging an
administrator's pam_winbind configuration-file mistake (CVE-2012-6150).
Buffer overflow in the dcerpc_read_ncacn_packet_done function in
librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22,
4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain
controllers to execute arbitrary code via an invalid fragment length
in a DCE-RPC packet (CVE-2013-4408).
The updated packages has been upgraded to the 3.6.22 version which
resolves various upstream bugs and is not vulnerable to these issues.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
https://www.samba.org/samba/history/samba-3.6.21.html
https://www.samba.org/samba/history/samba-3.6.22.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
e75ca171513e6b1c54ad77fe0feeabe2 mbs1/x86_64/lib64netapi0-3.6.22-1.mbs1.x86_64.rpm
dbfc96f66f6328db3597dea747915f24 mbs1/x86_64/lib64netapi-devel-3.6.22-1.mbs1.x86_64.rpm
569452556235a2d00f3e31ca9244e99f mbs1/x86_64/lib64smbclient0-3.6.22-1.mbs1.x86_64.rpm
e45b969bcd034b37d6eea9e6438dc623 mbs1/x86_64/lib64smbclient0-devel-3.6.22-1.mbs1.x86_64.rpm
61624e0bdb59db6a7b38ff6df9b528c0 mbs1/x86_64/lib64smbclient0-static-devel-3.6.22-1.mbs1.x86_64.rpm
2cab4c1de652fdb153ffc171fd85cb13 mbs1/x86_64/lib64smbsharemodes0-3.6.22-1.mbs1.x86_64.rpm
432de62da07d76a1c6caee4f5c86b98e mbs1/x86_64/lib64smbsharemodes-devel-3.6.22-1.mbs1.x86_64.rpm
ddd929553b7ae807428e9e172295a899 mbs1/x86_64/lib64wbclient0-3.6.22-1.mbs1.x86_64.rpm
43bd4bd6c15d0dece283d1aec84a3714 mbs1/x86_64/lib64wbclient-devel-3.6.22-1.mbs1.x86_64.rpm
586fcb19209338416273009e2d7b3c8b mbs1/x86_64/nss_wins-3.6.22-1.mbs1.x86_64.rpm
d6e2b27265691f111aa364e7ae5c5276 mbs1/x86_64/samba-client-3.6.22-1.mbs1.x86_64.rpm
f66d7573d84f5238d3324748511ad2a4 mbs1/x86_64/samba-common-3.6.22-1.mbs1.x86_64.rpm
07e7710d4b9295fb62e81f23ac723bea mbs1/x86_64/samba-doc-3.6.22-1.mbs1.noarch.rpm
67ff474d324a41753f5bdfaf63fd07b3 mbs1/x86_64/samba-domainjoin-gui-3.6.22-1.mbs1.x86_64.rpm
e81a7bf8da697a055d2e980d54f7ab87 mbs1/x86_64/samba-server-3.6.22-1.mbs1.x86_64.rpm
88f34c6bff167020ffa8cb2e8b3d6e6f mbs1/x86_64/samba-swat-3.6.22-1.mbs1.x86_64.rpm
dcd6bbf7a2fb1dd95fb02f21dfb9acd0 mbs1/x86_64/samba-virusfilter-clamav-3.6.22-1.mbs1.x86_64.rpm
76ccda39bbf6b56e004e15f04ca9ff0d mbs1/x86_64/samba-virusfilter-fsecure-3.6.22-1.mbs1.x86_64.rpm
3dfe1d3ceb575288ebd711a021e20ce5 mbs1/x86_64/samba-virusfilter-sophos-3.6.22-1.mbs1.x86_64.rpm
e9fd794dbc4491dd5ca595a6cee20479 mbs1/x86_64/samba-winbind-3.6.22-1.mbs1.x86_64.rpm
1c633723bd82487b385bdf65e6ef253c mbs1/SRPMS/samba-3.6.22-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFStvLSmqjQ0CJFipgRArQbAJ92lnIbHg7gbCGhOZyU2Dq8m6loNwCfetCt
p5/1VzCAcokyiwxibLK14xY=
=JHLU
-----END PGP SIGNATURE-----