Opened 6 years ago
Closed 6 years ago
#11021 closed enhancement (fixed)
samba-4.8.4
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | highest | Milestone: | 8.3 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description (last modified by )
New point version.
NOTE: This release is designated as "critical" by the Samba team.
=============================
Release Notes for Samba 4.8.4
August 14, 2018
=============================

This is a security release in order to address the following defects:

o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP server.)

=======
Details
=======

o CVE-2018-1139: Vulnerability that allows authentication via NTLMv1 even if disabled.

o CVE-2018-1140: Missing null pointer checks may crash the Samba AD DC, both over DNS and LDAP.

o CVE-2018-10858: A malicious server could return a directory entry that could corrupt libsmbclient memory.

o CVE-2018-10918: Missing null pointer checks may crash the Samba AD DC, over the authenticated DRSUAPI RPC service.

o CVE-2018-10919: Missing access control checks allow discovery of confidential attribute values via authenticated LDAP search expressions.

Changes since 4.8.3:
--------------------

o Jeremy Allison <jra@samba.org>
  * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.

o Andrew Bartlett <abartlet@samba.org>
  * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
  * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user.

o Tim Beale <timbeale@catalyst.net.nz>
  * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches.

o Günther Deschner <gd@samba.org>
  * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".

o Andrej Gessel <Andrej.Gessel@janztec.com>
  * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr().
Change History (2)
comment:1 by , 6 years ago
Description: | modified (diff) |
---|---|
Owner: | changed from | to
Priority: | normal → highest |
Status: | new → assigned |
Allows authentication over NTLMv1 even if it is disabled, crashes / memory corruption, and failure to verify access control checks.