ArchLinux: 201911-6: samba: multiple issues

    Date: 04 Nov 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package samba before version 4.10.10-1 is vulnerable to multiple issues including arbitrary filesystem access, insufficient validation and denial of service.
    Arch Linux Security Advisory ASA-201911-6
    =========================================
    
    Severity: Medium
    Date    : 2019-11-03
    CVE-ID  : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
    Package : samba
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1057
    
    Summary
    =======
    
    The package samba before version 4.10.10-1 is vulnerable to multiple
    issues including arbitrary filesystem access, insufficient validation
    and denial of service.
    
    Resolution
    ==========
    
    Upgrade to 4.10.10-1.
    
    # pacman -Syu "samba>=4.10.10-1"
    
    The problems have been fixed upstream in version 4.10.10.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2019-10218 (arbitrary filesystem access)
    
    An issue has been found in Samba before 4.10.10 where a malicious
    server can craft a pathname containing separators and return it to
    client code, causing the client to use it to access local pathnames for
    reading or writing instead of SMB network pathnames.
    
    - CVE-2019-14833 (insufficient validation)
    
    A security issue has been found in Samba before 4.10.10, where the
    check password script does not receive the full password string when
    the password contains multi-byte (non-ASCII) characters.
    Since Samba version 4.5.0 a Samba AD DC can use a custom command to
    verify the password complexity. The command can be specified with the
    "check password script" smb.conf parameter. This command is called when
    Samba handles a user password change or a new user password is set. The
    script receives the new cleartext password string in order to run
    custom password complexity checks, such as dictionary checks, to avoid
    weak user passwords. If the "check password script" parameter is not
    specified, Samba runs its internal password quality checks. The
    internal check makes sure that a password contains characters from
    three of five different character categories.
    
    - CVE-2019-14847 (denial of service)
    
    A denial of service has been found in Samba before 4.10.10, where users
    with the "get changes" extended access right can crash the AD DC LDAP
    server by requesting an attribute using the range= syntax.
    By default, the supported versions of Samba impacted by this issue run
    using the "standard" process model, which is unaffected. This is
    controlled by the -M or --model parameter to the samba binary.
    Unsupported Samba versions before Samba 4.7 use a single process for
    the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are
    impacted if -M prefork or -M single is used. To mitigate this issue,
    select -M standard (the default).
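    The two checks an administrator would run for this advisory, written out as an added example (not part of the Arch or Samba advisory text): whether the installed Arch package is still below 4.10.10-1, and whether a running AD DC is in the exposed configuration for CVE-2019-14847 (pre-4.7, or 4.7 to 4.10.9 started with -M prefork or -M single). The command lines are constructed samples of what /proc/<pid>/cmdline or ps would show.

```python
"""Triage helpers for ASA-201911-6 (added example, not advisory code)."""
import re
import shlex

FIXED_UPSTREAM = (4, 10, 10)          # first fixed Samba release


def parse_version(ver: str) -> tuple:
    """'4.10.9-1' (pkgver-pkgrel) or '4.10.9' -> (4, 10, 9)."""
    pkgver = ver.split("-", 1)[0]
    return tuple(int(x) for x in re.findall(r"\d+", pkgver)[:3])


def pkgrel(ver: str) -> int:
    """Arch release number after the dash; 0 if the string has none."""
    return int(ver.split("-", 1)[1]) if "-" in ver else 0


def needs_upgrade(installed: str, fixed: str = "4.10.10-1") -> bool:
    """True when the installed Arch package is older than the fixed one."""
    return (parse_version(installed), pkgrel(installed)) < \
           (parse_version(fixed), pkgrel(fixed))


def process_model(cmdline: str) -> str:
    """Process model the samba binary was started with.

    Accepts '-M X', '-MX', '--model X' and '--model=X'; the advisory says
    'standard' is the default when nothing is given.
    """
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv):
        if arg in ("-M", "--model") and i + 1 < len(argv):
            return argv[i + 1]
        for prefix in ("-M", "--model="):
            if arg.startswith(prefix) and len(arg) > len(prefix):
                return arg[len(prefix):]
    return "standard"


def ldap_dos_affected(version: str, cmdline: str) -> bool:
    """Apply the advisory's CVE-2019-14847 rules to one running AD DC."""
    v = parse_version(version)
    if v >= FIXED_UPSTREAM:
        return False                  # fixed upstream in 4.10.10
    if v < (4, 7):
        return True                   # single LDAP process, always hit
    return process_model(cmdline) in ("prefork", "single")


if __name__ == "__main__":
    # constructed sample: an Arch host one release behind, started with prefork
    print(needs_upgrade("4.10.9-1"), ldap_dos_affected("4.10.9-1", "/usr/bin/samba -M prefork"))
```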
    
    Impact
    ======
    
    A malicious SMB server can cause a Samba client to read or write local
    files via arbitrary paths, and a user with the "get changes" right can
    crash the AD DC LDAP server.
    
    References
    ==========
    
    https://www.samba.org/samba/security/CVE-2019-10218.html
    https://www.samba.org/samba/ftp/patches/security/samba-4.10.9-security-2019-10-29.patch
    https://www.samba.org/samba/security/CVE-2019-14833.html
    https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
    https://www.samba.org/samba/security/CVE-2019-14847.html
    https://security.archlinux.org/CVE-2019-10218
    https://security.archlinux.org/CVE-2019-14833
    https://security.archlinux.org/CVE-2019-14847
    