Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#17410 closed enhancement (fixed)

samba-4.17.4

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version, security release

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago 

Release Announcements
---------------------

This are security releases in order to address the following defects:


o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                  same algorithms as rc4-hmac cryptography in Kerberos,
                  and so must also be assumed to be weak.

https://www.samba.org/samba/security/CVE-2022-38023.html

o CVE-2022-45141: Since the Windows Kerberos RC4-HMAC Elevation of Privilege
                  Vulnerability was disclosed by Microsoft on Nov 8 2022
                  and per RFC8429 it is assumed that rc4-hmac is weak,

                  Vulnerable Samba Active Directory DCs will issue rc4-hmac
                  encrypted tickets despite the target server supporting
                  better encryption (eg aes256-cts-hmac-sha1-96).

https://www.samba.org/samba/security/CVE-2022-45141.html

Changes
-------

o  Jeremy Allison <jra@samba.org>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15237: CVE-2022-37966.
   * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

o  Ralph Boehme <slow@samba.org>
   * BUG 15240: CVE-2022-38023.
   * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
     Windows.
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
     vulnerability.
   * BUG 15206: libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4().
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15230: Memory leak in snprintf replacement functions.
   * BUG 15237: CVE-2022-37966.
   * BUG 15240: CVE-2022-38023.
   * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression).

o  Noel Power <noel.power@suse.com>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Anoop C S <anoopcs@samba.org>
   * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
   * BUG 15237: CVE-2022-37966.
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15231: CVE-2022-37967.
   * BUG 15237: CVE-2022-37966.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at ece8654eefe58c01b4bc4391ccb8f44aed79b11e

Security advisory coming shortly

comment:4 by Douglas R. Reno, 3 years ago

SA-11.2-57 issued

Note: See TracTickets for help on using tickets.