Debian: DSA-5015-1 Moderate: Samba Access Control Issue Exploit
debian
November 30, 2021
Andrew Bartlett discovered that Samba, a SMB/CIFS file, print, and login server for Unix, may map domain users to local users in an undesired way
Topics Covered
Summary
A new parameter "min domain uid" (default 1000) has been added to
specify the minimum uid allowed when mapping a local account to a domain
account.
Further details and workarounds can be found in the upstream advisory
For the oldstable distribution (buster), this problem has been fixed
in version 2:4.9.5+dfsg-5+deb10u2. Additionally the update mitigates
CVE-2020-25722. Unfortunately the changes required to fix additional
CVEs affecting Samba as an AD-compatible domain controller are too
invasive to be backported. Thus users using Samba as an AD-compatible
domain controller are encouraged to migrate to Debian bullseye. From
this point onwards AD domain controller setups are no longer supported
in Debian oldstable.
We recommend that you upgrade your samba packages.
For the detailed security status of samba please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/samba
Further information about Debian Security Advisories, how to apply
these updates to you...
PREVIOUS
NEXT
Package: samba
CVE ID: CVE-2020-25717
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!