Arch Linux Security Advisory ASA-201911-6
========================================
Severity: Medium
Date    : 2019-11-03
CVE-ID  : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
Package : samba
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1057

Summary
======
The package samba before version 4.10.10-1 is vulnerable to multiple
issues including arbitrary filesystem access, insufficient validation
and denial of service.

Resolution
=========
Upgrade to 4.10.10-1.

# pacman -Syu "samba>=4.10.10-1"

The problems have been fixed upstream in version 4.10.10.

Workaround
=========
None.

Description
==========
- CVE-2019-10218 (arbitrary filesystem access)

An issue has been found in Samba before 4.10.10 where a malicious
server can craft a pathname containing path separators and return it
to client code, causing the client to read or write local pathnames
instead of SMB network pathnames.
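The client-side check that closes this class of bug, shown as an added
example that is not Samba's own code: every directory-entry name the
server returns is validated as a single path component before it is
joined to a local path, and the joined path is confirmed to stay under
the download directory. The listing, the base directory and the helper
names are this example's own constructions.

```python
# Added example (not Samba's code): validate server-supplied entry names
# before a client uses them to build local paths. The sample listing is
# constructed to show what a hostile server could return.
import os
from typing import Iterable, List, Tuple

SEPARATORS = ("/", "\\")  # reject both POSIX and DOS separators


def is_safe_entry_name(name: str) -> bool:
    """A name from the server must be one path component: non-empty,
    no NUL, no separators, and not the '.' or '..' pseudo-entries."""
    if not name or "\x00" in name:
        return False
    if any(sep in name for sep in SEPARATORS):
        return False
    if name in (".", ".."):
        return False
    return True


def local_target(base_dir: str, server_name: str) -> str:
    """Where a recursive download would write the entry. Raises
    ValueError for a hostile name or for anything that leaves base_dir."""
    if not is_safe_entry_name(server_name):
        raise ValueError(f"refusing server-supplied name {server_name!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, server_name))
    # Belt and braces: even a "safe" component must resolve under base.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"{server_name!r} escapes {base_dir!r}")
    return target


def rejects(base_dir: str, server_name: str) -> bool:
    """True if local_target() refuses this name (used for checks below)."""
    try:
        local_target(base_dir, server_name)
    except ValueError:
        return True
    return False


def filter_listing(entries: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split a server listing into (accepted, rejected) names, in order."""
    accepted: List[str] = []
    rejected: List[str] = []
    for entry in entries:
        (accepted if is_safe_entry_name(entry) else rejected).append(entry)
    return accepted, rejected


# Constructed listing as a malicious server could return it.
SAMPLE_LISTING = [
    "report.docx",
    "../../../home/user/.ssh/authorized_keys",           # POSIX traversal
    "..\\..\\Windows\\System32\\drivers\\etc\\hosts",    # DOS traversal
    "..",
    "notes\x00.txt",
    "archive.tar.gz",
]

if __name__ == "__main__":
    ok, bad = filter_listing(SAMPLE_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```

The `commonpath` check is deliberately kept even though `is_safe_entry_name`
already rejects separators: it also catches a base directory that itself
resolves somewhere unexpected, which a one-component check alone cannot see.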

- CVE-2019-14833 (insufficient validation)

A security issue has been found in Samba before 4.10.10, where the
check password script does not receive the full password string when
the password contains multi-byte (non-ASCII) characters.
Since Samba version 4.5.0 a Samba AD DC can use a custom command to
verify password complexity. The command is specified with the
"check password script" smb.conf parameter and is called whenever
Samba handles a user password change or sets a new user password. The
script receives the new cleartext password in order to run custom
complexity checks, such as dictionary checks, that reject weak user
passwords. If the "check password script" parameter is not set, Samba
runs its internal password quality check, which requires the password
to contain characters from three of five different character
categories. A script that sees only part of a multi-byte password is
checking the wrong string and may accept a password the custom policy
would otherwise reject.
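What a Unicode-correct "check password script" looks like, as an added
example rather than Samba's sample script: the password is read from
stdin as bytes, decoded as UTF-8, and classified per character, so a
multi-byte character counts once and is never cut short by using a byte
count as a character count. The five category names, the minimum
length, the denylist and the assumption that Samba terminates the
password with a newline are this example's own choices, not Samba
defaults.

```python
#!/usr/bin/env python3
# Added example (not Samba's own script) for the smb.conf parameter
#   check password script = /usr/local/sbin/check_password.py
# Samba writes the new cleartext password to stdin and treats exit status
# 0 as "accepted"; any other status rejects the change. Category names,
# MIN_LENGTH, DENYLIST and the trailing-newline framing are assumptions.
import sys
import unicodedata
from typing import Set, Tuple

MIN_LENGTH = 8  # assumed policy value, not a Samba default

# Constructed, deliberately tiny denylist standing in for a dictionary check.
DENYLIST = {"password", "passwort", "samba", "qwertz"}


def categories(pw: str) -> Set[str]:
    """Classify the password's *characters* (not its bytes) into the five
    categories this example uses: upper, lower, digit, punct, non-ascii."""
    cats: Set[str] = set()
    for ch in pw:
        if not ch.isascii():
            cats.add("non-ascii")  # e.g. ß, é, 日: one character each
        elif ch.isupper():
            cats.add("upper")
        elif ch.islower():
            cats.add("lower")
        elif ch.isdigit():
            cats.add("digit")
        elif ch.isprintable() and not ch.isspace():
            cats.add("punct")
    return cats


def check_password(pw: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a decoded password string."""
    if len(pw) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    if len(categories(pw)) < 3:
        return False, "fewer than three character categories"
    # Normalise and case-fold before the dictionary check so that
    # look-alike forms of a denylisted word do not slip through.
    folded = unicodedata.normalize("NFKC", pw).casefold()
    if any(word in folded for word in DENYLIST):
        return False, "contains a denylisted word"
    return True, "ok"


def password_from_stdin_bytes(raw: bytes) -> str:
    """Decode what Samba wrote to stdin as UTF-8 and strip one trailing
    newline (assumed framing). len(raw) is a byte count and must never be
    used as the character count; decode first, then measure."""
    return raw.decode("utf-8").rstrip("\n")


def main() -> int:
    pw = password_from_stdin_bytes(sys.stdin.buffer.read())
    accepted, reason = check_password(pw)
    if not accepted:
        print(f"password rejected: {reason}", file=sys.stderr)
    return 0 if accepted else 1


if __name__ == "__main__":
    sys.exit(main())
```

A quick way to confirm the script sees the whole string on a given
build is to feed it a password such as "Straße2019!" and compare the
character count it reports with the one you typed; the UTF-8 encoding
is one byte longer than the character count, which is exactly the kind
of difference a byte-based length calculation gets wrong.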

- CVE-2019-14847 (denial of service)

A denial of service has been found in Samba before 4.10.10, where users
with the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
By default, the supported versions of Samba impacted by this issue run
using the "standard" process model, which is unaffected. This is
controlled by the -M or --model parameter to the samba binary.
Unsupported Samba versions before Samba 4.7 use a single process for
the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are
impacted if -M prefork or -M single is used. To mitigate this issue,
select -M standard (the default).
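The exposure rule above, turned into a check that can be run over a
fleet's samba versions and command lines, as an added example that is
not part of the advisory or of Samba: it encodes only what the advisory
states (before 4.7 impacted regardless of model; 4.10.10 fixed; in
between, only "-M prefork" and "-M single" affected, with "standard" the
default). The command lines are constructed, for instance as read from
/proc/<pid>/cmdline, and treating 4.7 like 4.8 and later is this
example's assumption.

```python
# Added example (not from Samba or Arch): is a samba AD DC exposed to the
# CVE-2019-14847 LDAP crash, given its version and its argv?
from typing import List, Tuple

FIXED_IN = (4, 10, 10)            # the version this advisory names as fixed
SINGLE_PROCESS_BEFORE = (4, 7)    # older releases: one LDAP process, always hit
AFFECTED_MODELS = {"prefork", "single"}
DEFAULT_MODEL = "standard"        # the default, unaffected process model


def parse_version(ver: str) -> Tuple[int, ...]:
    """'4.10.10-1' -> (4, 10, 10); the packaging suffix is ignored."""
    return tuple(int(p) for p in ver.split("-", 1)[0].split("."))


def effective_model(argv: List[str]) -> str:
    """The process model samba would use for this argv, honouring
    '-M x', '-Mx', '--model x' and '--model=x'. Last occurrence wins."""
    model = DEFAULT_MODEL
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg in ("-M", "--model") and i + 1 < len(argv):
            model = argv[i + 1]
            i += 2
            continue
        if arg.startswith("--model="):
            model = arg[len("--model="):]
        elif arg.startswith("-M") and len(arg) > 2:
            model = arg[2:]
        i += 1
    return model


def exposed(version: str, argv: List[str]) -> bool:
    """True if this version/argv combination can be crashed via range=."""
    v = parse_version(version)
    if v >= FIXED_IN:
        return False
    if v < SINGLE_PROCESS_BEFORE:
        return True  # single LDAP process; the -M switch cannot help
    # Assumption: 4.7 (not named in the advisory) behaves like 4.8-4.10.
    return effective_model(argv) in AFFECTED_MODELS


# Constructed version / command-line pairs, as an inventory might hold them.
CONSTRUCTED = [
    ("4.10.9", ["samba", "-D"]),
    ("4.10.9", ["samba", "--model=prefork", "-D"]),
    ("4.10.9", ["samba", "-M", "single"]),
    ("4.10.10-1", ["samba", "-Msingle"]),
    ("4.6.16", ["samba", "-M", "standard"]),
]

if __name__ == "__main__":
    for ver, argv in CONSTRUCTED:
        print(f"{ver:10} {' '.join(argv):32} exposed={exposed(ver, argv)}")
```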

Impact
=====
A malicious SMB server can make a Samba client read or write local
files via arbitrary paths, an AD DC may accept a weak password that its
check password script should have rejected, and an authenticated user
with the "get changes" right can crash the AD DC LDAP server.

References
=========
https://www.samba.org/samba/security/CVE-2019-10218.html
https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
https://www.samba.org/samba/security/CVE-2019-14833.html
https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
https://www.samba.org/samba/security/CVE-2019-14847.html
https://security.archlinux.org/CVE-2019-10218
https://security.archlinux.org/CVE-2019-14833
https://security.archlinux.org/CVE-2019-14847

ArchLinux: 201911-6: samba: multiple issues

November 4, 2019