Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Ubuntu 21.10 USN-5142-3 Security Advisory: Samba Kerberos Regression

ubuntu
Calendar Grey December 13, 2021
Dist Ubuntu Esm H88
A recent Ubuntu update addresses a Samba issue affecting Kerberos authentication, thereby bolstering security measures in specific settings.
USN-5142-1 introduced a regression in Samba.

Summary

USN-5142-1 introduced a regression in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes

introduced a regression in Kerberos authentication in certain environments.

Please see the following upstream bug for more information:

This update fixes the problem.

Original advisory details:

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client

connections. A remote attacker could possibly use this issue to downgrade

connections to plaintext authentication. (CVE-2016-2124)

Andrew Bartlett discovered that Samba incorrectly mapping domain users to

local users. An authenticated attacker could possibly use this issue to

become root on domain members. (CVE-2020-25717)

Andrew Bartlett discovered that Samba did not correctly sandbox Kerberos

tickets issues by an RODC. An RODC could print administrator tickets,

contrary to ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  samba                           2:4.13.14+dfsg-0ubuntu0.21.10.4

Ubuntu 21.04:
  samba                           2:4.13.14+dfsg-0ubuntu0.21.04.4

Ubuntu 20.04 LTS:
  samba                           2:4.13.14+dfsg-0ubuntu0.20.04.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5142-3

https://ubuntu.com/security/notices/USN-5142-1

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1950363

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.