ArchLinux: 201911-6: samba: multiple issues

Date: 04 Nov 2019
Posted By: LinuxSecurity Advisories
Arch Linux Security Advisory ASA-201911-6
Severity: Medium
Date    : 2019-11-03
CVE-ID  : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
Package : samba
Type    : multiple issues
Remote  : Yes
Link    :
The package samba before version 4.10.10-1 is vulnerable to multiple
issues including arbitrary filesystem access, insufficient validation
and denial of service.

Upgrade to 4.10.10-1.

# pacman -Syu "samba>=4.10.10-1"

The problems have been fixed upstream in version 4.10.10.
- CVE-2019-10218 (arbitrary filesystem access)
An issue has been found in Samba before 4.10.10 where a malicious
server can craft a pathname containing separators and return this to
client code, causing the client to use it to access local pathnames for
reading or writing instead of SMB network pathnames.
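The defence on the client side is to treat a server-returned name as exactly one path component and to refuse anything that contains separators or parent references before joining it with a local directory. The block below is an added illustration, not Samba's code: it shows the naive join that can be steered to an arbitrary local path next to a hardened version, using POSIX path semantics (the `posixpath` module) so the behaviour is the same on every platform. The base directory and the sample names are constructed for the example.

```python
"""Validate server-supplied file names before using them as local paths.

Added example (not Samba's code). Models the client-side defence for the
CVE-2019-10218 class of bug: an SMB server hands back a file name and the
client joins it with a local download directory. A legitimate name is a
single path component; anything else is rejected.
"""
import posixpath

# Both separator styles are rejected: a POSIX client may later hand the
# path to a Windows-style consumer, and vice versa.
SEPARATORS = ("/", "\\")


def is_safe_component(name):
    """True only if `name` is a single, non-special path component."""
    if not name or name in (".", ".."):
        return False
    if "\x00" in name:
        return False
    return not any(sep in name for sep in SEPARATORS)


def vulnerable_local_path(base_dir, server_name):
    """Naive join: trusts the name as returned by the server.

    Separators and ".." are honoured, so the result can point anywhere on
    the local filesystem (the vulnerable pattern, kept for comparison).
    """
    return posixpath.normpath(posixpath.join(base_dir, server_name))


def hardened_local_path(base_dir, server_name):
    """Reject unsafe components, then confirm the result stays under base_dir."""
    if not posixpath.isabs(base_dir):
        raise ValueError("base_dir must be absolute")
    if not is_safe_component(server_name):
        raise ValueError(f"unsafe server-supplied name: {server_name!r}")
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, server_name))
    # Second line of defence: even after validation, verify containment.
    if posixpath.commonpath([base, target]) != base:
        raise ValueError(f"resolved path escapes base directory: {target}")
    return target


def triage(base_dir, server_names):
    """Map each server-supplied name to "ok" or "rejected" under the hardened rule."""
    result = {}
    for name in server_names:
        try:
            hardened_local_path(base_dir, name)
            result[name] = "ok"
        except ValueError:
            result[name] = "rejected"
    return result


if __name__ == "__main__":
    # Constructed sample: what a malicious server might return in a listing.
    base = "/home/user/downloads"
    names = ["report.txt", "../../../etc/passwd", "/etc/passwd", "..\\secrets", "."]
    for name, verdict in triage(base, names).items():
        naive = vulnerable_local_path(base, name)
        print(f"{name!r:28} naive -> {naive:30} hardened -> {verdict}")
```

The naive join resolves `../../../etc/passwd` to `/etc/passwd`, which is the behaviour the advisory describes; the hardened function rejects every such name at the component check and keeps a containment check as a backstop against any future normalisation surprise.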
- CVE-2019-14833 (insufficient validation)
A security issue has been found in Samba before 4.10.10, where the
check password script does not receive the full password string when
the password contains multi-byte (non-ASCII) characters.
Since Samba version 4.5.0 a Samba AD DC can use a custom command to
verify the password complexity. The command can be specified with the
"check password script" smb.conf parameter. This command is called when
Samba handles a user password change or a new user password is set. The
script receives the new cleartext password string in order to run
custom password complexity checks like dictionary checks to avoid weak
user passwords. If the check password script parameter is not
specified, Samba runs the internal password quality checks. The
internal check makes sure that a password contains characters from
three of five different character categories.
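As an added example (not Samba's code), the block below is a password-complexity script of the kind the "check password script" parameter points at, written so that multi-byte passwords survive intact: it reads stdin as bytes to end-of-stream and decodes UTF-8, and it counts categories over code points rather than bytes. It also models the class of bug the advisory describes with a hypothetical caller that hands over only `len(password)` bytes of the encoding, so every non-ASCII character shortens what the script sees. The five categories are the usual Windows-style set (the page only says "three of five"), so that set is an assumption here.

```python
"""Unicode-aware password-complexity check in the style of a Samba
"check password script" (added example, not Samba's code).

Samba passes the new cleartext password to the script on stdin. Two
things matter for non-ASCII input: read the bytes to the end and decode
them as UTF-8, and classify characters, not bytes.
"""
import sys

# Assumed category set (Windows-style policy); the advisory only states
# that three of five categories are required.
CATEGORY_NAMES = ("upper", "lower", "digit", "other_alpha", "symbol")


def categories(password):
    """Return the set of character categories present in `password`."""
    cats = set()
    for ch in password:
        if ch.isupper():
            cats.add("upper")
        elif ch.islower():
            cats.add("lower")
        elif ch.isdigit():
            cats.add("digit")
        elif ch.isalpha():
            cats.add("other_alpha")  # caseless scripts, e.g. CJK
        else:
            cats.add("symbol")
    return cats


def meets_complexity(password, minimum=3):
    """Samba-style rule: characters from at least `minimum` of the categories."""
    return len(categories(password)) >= minimum


def truncated_by_char_count(password):
    """Hypothetical buggy hand-over modelling the CVE-2019-14833 class of bug.

    The caller confuses the character count with the byte length and passes
    only len(password) bytes of the UTF-8 encoding. Each multi-byte
    character therefore drops trailing characters from what the script
    receives; with errors="ignore" a split multi-byte tail is discarded.
    """
    raw = password.encode("utf-8")
    return raw[:len(password)].decode("utf-8", errors="ignore")


def read_password_from_stdin(stream=None):
    """Read the whole password as bytes and decode it; never trust a length."""
    stream = stream if stream is not None else sys.stdin.buffer
    data = stream.read()
    return data.decode("utf-8").rstrip("\r\n")


if __name__ == "__main__":
    # Exit status 0 accepts the password, non-zero rejects it.
    pw = read_password_from_stdin()
    sys.exit(0 if meets_complexity(pw) else 1)
```

With the constructed password `Pässwörd1!` the correct path sees four categories and accepts it, while the byte-truncated hand-over delivers only `Pässwörd`, two categories, so the verdict the script returns no longer describes the password that is actually being set. The script would be wired in with `check password script = /path/to/script` in smb.conf (path is a placeholder).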
- CVE-2019-14847 (denial of service)
A denial of service has been found in Samba before 4.10.10, where users
with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
By default, the supported versions of Samba impacted by this issue run
using the "standard" process model, which is unaffected. This is
controlled by the -M or --model parameter to the samba binary.
Unsupported Samba versions before Samba 4.7 use a single process for
the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are
impacted if -M prefork or -M single is used. To mitigate this issue,
select -M standard (the default).
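Because the mitigation depends on how the samba binary was started, a quick way to audit a DC is to read the command line of the running samba processes and report the process model. The block below is an added example, not part of the advisory or of Samba: it parses the `-M`/`--model` option in its common spellings, treats an absent option as the "standard" default the page describes, and flags "prefork" and "single" as the affected models. Scanning `/proc` is Linux-only; the parsing functions run anywhere.

```python
"""Report the process model of running samba AD DC processes and flag the
models affected by CVE-2019-14847 (added example, not Samba's code).

Per the advisory, "standard" (the default) is unaffected, while
"-M prefork" and "-M single" are affected on Samba 4.8 to 4.10.
"""
import os

AFFECTED_MODELS = {"prefork", "single"}
DEFAULT_MODEL = "standard"


def model_from_argv(argv):
    """Return the process model selected on a samba command line.

    Understands "-M model", "-Mmodel", "--model model" and "--model=model".
    When no option is present the page's default, "standard", is returned.
    """
    args = list(argv[1:])
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-M", "--model"):
            if i + 1 < len(args):
                return args[i + 1]
        elif arg.startswith("--model="):
            return arg.split("=", 1)[1]
        elif arg.startswith("-M") and len(arg) > 2:
            return arg[2:]
        i += 1
    return DEFAULT_MODEL


def is_affected(argv):
    """True if the command line selects a model the advisory lists as impacted."""
    return model_from_argv(argv) in AFFECTED_MODELS


def samba_processes():
    """Yield (pid, argv) for processes whose executable is named 'samba'.

    Reads /proc/<pid>/cmdline, so this part only works on Linux.
    """
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # process exited or is not readable
        argv = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        if argv and os.path.basename(argv[0]) == "samba":
            yield int(pid), argv


def audit(process_list):
    """Summarise a list of (pid, argv) pairs as (pid, model, affected) tuples."""
    return [(pid, model_from_argv(argv), is_affected(argv)) for pid, argv in process_list]


if __name__ == "__main__":
    found = audit(list(samba_processes()))
    if not found:
        print("no running samba processes found")
    for pid, model, affected in found:
        print(f"pid {pid}: model={model} {'AFFECTED' if affected else 'ok'}")
```

A process started with no model option, or with `-M standard`, is reported as unaffected; anything reported as affected should be restarted with the default model, in addition to upgrading to 4.10.10-1.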
A malicious server is able to read and write files via arbitrary local
paths on a connecting client, and a user with the "get changes" right is
able to crash the AD DC LDAP server.