Security Advisory Details

NS-SA-2019-0096

2019-07-17 14:59:54

Summary

important: samba security update

Severity

important

Topic

An update for samba is now available for NewStart CGSL MAIN 4.05.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

samba: Samba is the suite of programs by which many PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB/CIFS server that can be used to provide network services to SMB/CIFS clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.


Security Fix(es):
samba: A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)
samba: It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the forwarded ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
samba: A remote code execution flaw was found in Samba. A malicious authenticated Samba client with write access to a Samba share could upload a shared library to that share and cause the server to load it, executing arbitrary code as root. (CVE-2017-7494)
samba: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Note that the build tag is 4.05.F1.

Affected Components

  • samba

Affected Products

  • CGSL MAIN 4.05

Update Packages

CGSL MAIN 4.05

Source package:

  • samba-3.6.23-43.el6_9.src.rpm

Binary packages (x86_64):

  • libsmbclient-3.6.23-43.el6_9.x86_64.rpm
  • samba-3.6.23-43.el6_9.x86_64.rpm
  • samba-client-3.6.23-43.el6_9.x86_64.rpm
  • samba-common-3.6.23-43.el6_9.x86_64.rpm
  • samba-winbind-3.6.23-43.el6_9.x86_64.rpm
  • samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm
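The following script is an added example for checking whether a CGSL MAIN 4.05 host has actually received these packages; it is not part of the advisory or of NewStart's tooling. It embeds the advisory's machine-readable "fix" list, parses each fixed NVRA (name-version-release.arch), and compares it against installed package names using a re-implementation of RPM's version comparison (rpmvercmp) so that a release such as 41.el6_8 is correctly ordered below 43.el6_9. The installed list is a constructed sample; on a real host it would come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`. Epochs are assumed to be 0, which holds for the packages listed here.

```python
"""Compare installed samba RPMs against the fixed versions in NS-SA-2019-0096.

Added example, not part of the advisory. Assumes epoch 0 for every package.
"""
import json
import re

# The "fix" block from the advisory's Update Packages section, verbatim.
ADVISORY_FIX = json.loads(
    '{"fix":[{"product":"CGSL MAIN 4.05","pkgs":[{"binary":['
    '"libsmbclient-3.6.23-43.el6_9.x86_64.rpm",'
    '"samba-3.6.23-43.el6_9.x86_64.rpm",'
    '"samba-client-3.6.23-43.el6_9.x86_64.rpm",'
    '"samba-common-3.6.23-43.el6_9.x86_64.rpm",'
    '"samba-winbind-3.6.23-43.el6_9.x86_64.rpm",'
    '"samba-winbind-clients-3.6.23-43.el6_9.x86_64.rpm"],'
    '"source":"samba-3.6.23-43.el6_9.src.rpm"}]}]}'
)

# name may contain dashes; version and release may not, so anchor on the
# last two dashes and the final dot before the architecture.
_NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")


def parse_nvra(s):
    """Split 'name-version-release.arch[.rpm]' into (name, ver, rel, arch)."""
    if s.endswith(".rpm"):
        s = s[:-4]
    m = _NVRA.match(s)
    if not m:
        raise ValueError("not an NVRA string: %r" % s)
    return m.group("name"), m.group("ver"), m.group("rel"), m.group("arch")


def rpmvercmp(a, b):
    """Order two version or release strings like rpm's rpmvercmp(): -1, 0 or 1.

    Runs of digits compare numerically, runs of letters lexically, a digit run
    beats a letter run, and '~' sorts before anything (pre-release marker).
    Other characters only separate segments.
    """
    if a == b:
        return 0
    ta = re.findall(r"[0-9]+|[A-Za-z]+|~", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+|~", b)
    for x, y in zip(ta, tb):
        if x == y:
            continue
        if x == "~" or y == "~":
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    # All shared segments equal: the string with more segments is newer,
    # unless its next segment is '~', which marks a pre-release.
    if len(ta) == len(tb):
        return 0
    longer, sign = (ta, 1) if len(ta) > len(tb) else (tb, -1)
    return -sign if longer[min(len(ta), len(tb))] == "~" else sign


def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples field by field."""
    for x, y in zip(a, b):
        c = rpmvercmp(str(x), str(y))
        if c:
            return c
    return 0


def fixed_versions(advisory=ADVISORY_FIX, product="CGSL MAIN 4.05"):
    """Map package name -> (version, release, arch) fixed by the advisory."""
    fixed = {}
    for entry in advisory["fix"]:
        if entry["product"] != product:
            continue
        for pkg in entry["pkgs"]:
            for rpm_name in pkg["binary"]:
                name, ver, rel, arch = parse_nvra(rpm_name)
                fixed[name] = (ver, rel, arch)
    return fixed


def outdated(installed, fixed):
    """Return the installed NVRAs that are older than the advisory's fix.

    Packages the advisory does not mention are ignored.
    """
    result = []
    for nvra in installed:
        name, ver, rel, _arch = parse_nvra(nvra)
        if name in fixed and evr_cmp(("0", ver, rel), ("0",) + fixed[name][:2]) < 0:
            result.append(nvra)
    return result


# Constructed sample of `rpm -qa` output; two samba packages lag the fix.
SAMPLE_INSTALLED = [
    "samba-3.6.23-41.el6_8.x86_64",
    "samba-common-3.6.23-41.el6_8.x86_64",
    "samba-client-3.6.23-43.el6_9.x86_64",
    "samba-winbind-3.6.23-43.el6_9.x86_64",
    "openssh-5.3p1-122.el6.x86_64",
]

if __name__ == "__main__":
    for nvra in outdated(SAMPLE_INSTALLED, fixed_versions()):
        print("needs update:", nvra)
```

A package that is absent from the host (for example samba-winbind-clients on a server that does not use winbind) is simply not reported; only installed packages older than the fixed release are. A non-zero epoch on the installed package would require reading %{EPOCH} as well, which this example deliberately does not do.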

CVE

References