#11021: samba-4.8.4
-------------------------+-----------------------
Reporter: bdubbs | Owner: renodr
Type: enhancement | Status: assigned
Priority: highest | Milestone: 8.3
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by renodr):
* owner: blfs-book => renodr
* priority: normal => highest
* status: new => assigned
Old description:
> New point version.
New description:
New point version.
NOTE: This release is designated as "critical" by the Samba team.
{{{
=============================
Release Notes for Samba 4.8.4
August 14, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
=======
Details
=======
o CVE-2018-1139:
Vulnerability that allows authentication via NTLMv1 even if disabled.
o CVE-2018-1140:
Missing null pointer checks may crash the Samba AD DC, both over
DNS and LDAP.
o CVE-2018-10858:
A malicious server could return a directory entry that could corrupt
libsmbclient memory.
o CVE-2018-10918:
Missing null pointer checks may crash the Samba AD DC, over the
authenticated DRSUAPI RPC service.
o CVE-2018-10919:
Missing access control checks allow discovery of confidential attribute
values via authenticated LDAP search expressions.
Changes since 4.8.3:
--------------------
o Jeremy Allison <[email protected]>
* BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers.
o Andrew Bartlett <[email protected]>
* BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
* BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user.
o Tim Beale <[email protected]>
* BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches.
o Günther Deschner <[email protected]>
* BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth".
o Andrej Gessel <[email protected]>
* BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr().
}}}
--
Comment:
Allows authentication over NTLMv1 even if it is disabled, crashes / memory
corruption, and failure to verify access control checks.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/11021#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch