Changes between Initial Version and Version 1 of Ticket #11021


Timestamp: 08/15/2018 09:22:31 PM (6 years ago)
Author: Douglas R. Reno
Comment:
                   =============================
                   Release Notes for Samba 4.8.4
                           August 14, 2018
                   =============================


This is a security release in order to address the following defects:

o  CVE-2018-1139  (Weak authentication protocol allowed.)
o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
o  CVE-2018-10858 (Insufficient input validation on client directory
                   listing in libsmbclient.)
o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
                   server.)


=======
Details
=======

o  CVE-2018-1139:
   Vulnerability that allows authentication via NTLMv1 even if disabled.

o  CVE-2018-1140:
   Missing null pointer checks may crash the Samba AD DC, both over
   DNS and LDAP.

o  CVE-2018-10858:
   A malicious server could return a directory entry that could corrupt
   libsmbclient memory.

o  CVE-2018-10918:
   Missing null pointer checks may crash the Samba AD DC, over the
   authenticated DRSUAPI RPC service.

o  CVE-2018-10919:
   Missing access control checks allow discovery of confidential attribute
   values via authenticated LDAP search expressions.


Changes since 4.8.3:
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     returns from malicious servers.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
     with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
   * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
     not servicePrincipalName is set on a user.

o  Tim Beale <timbeale@catalyst.net.nz>
   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
     searches.

o  Günther Deschner <gd@samba.org>
   * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
     is disabled via "ntlm auth".

o  Andrej Gessel <Andrej.Gessel@janztec.com>
   * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
     ltdb_index_dn_attr().

Allows authentication over NTLMv1 even if it is disabled, crashes / memory corruption, and failure to verify access control checks.

  • Ticket #11021

    • Property Owner changed from blfs-book to Douglas R. Reno
    • Property Priority changed from normal to highest
    • Property Status changed from new to assigned
  • Ticket #11021 – Description

    initial v1  
    11New point version.
     2
     3NOTE: This release is designated as "critical" by the Samba team.
     4
     5
     6{{{
     7 =============================
     8                   Release Notes for Samba 4.8.4
     9                           August 14, 2018
     10                   =============================
     11
     12
     13This is a security release in order to address the following defects:
     14
     15o  CVE-2018-1139  (Weak authentication protocol allowed.)
     16o  CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
     17o  CVE-2018-10858 (Insufficient input validation on client directory
     18                   listing in libsmbclient.)
     19o  CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
     20o  CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
     21                   server.)
     22
     23
     24=======
     25Details
     26=======
     27
     28o  CVE-2018-1139:
     29   Vulnerability that allows authentication via NTLMv1 even if disabled.
     30
     31o  CVE-2018-1140:
     32   Missing null pointer checks may crash the Samba AD DC, both over
     33   DNS and LDAP.
     34
     35o  CVE-2018-10858:
     36   A malicious server could return a directory entry that could corrupt
     37   libsmbclient memory.
     38
     39o  CVE-2018-10918:
     40   Missing null pointer checks may crash the Samba AD DC, over the
     41   authenticated DRSUAPI RPC service.
     42
     43o  CVE-2018-10919:
     44   Missing access control checks allow discovery of confidential attribute
     45   values via authenticated LDAP search expressions.
     46
     47
     48Changes since 4.8.3:
     49--------------------
     50
     51o  Jeremy Allison <jra@samba.org>
     52   * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
     53     returns from malicious servers.
     54
     55o  Andrew Bartlett <abartlet@samba.org>
     56   * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
     57     with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
     58   * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
     59     not servicePrincipalName is set on a user.
     60
     61o  Tim Beale <timbeale@catalyst.net.nz>
     62   * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
     63     searches.
     64
     65o  Günther Deschner <gd@samba.org>
     66   * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
     67     is disabled via "ntlm auth".
     68
     69o  Andrej Gessel <Andrej.Gessel@janztec.com>
     70   * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
     71     ltdb_index_dn_attr().
     72}}}
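
Review bot: The NOTE on v1 line 3 says the Samba team designates this release "critical", but the release notes pasted on v1 lines 6-72 never use that word and no source is linked. Add a link to the announcement that carries that designation, so the Priority change to highest can be traced to it.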