Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 18.04 LTS USN-5174-2 Critical: Samba Authentication Problem

ubuntu
Calendar Grey December 13, 2021
Dist Ubuntu Esm H88
Critical Ubuntu Security Update USN-5210-3 responds to Samba issues impacting user authentication mechanisms.
USN-5174-1 introduced a regression in Samba.

Summary

USN-5174-1 introduced a regression in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a

regression in Kerberos authentication in certain environments.

Please see the following upstream bug for more information:

This update fixes the problem.

Original advisory details:

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client

connections. A remote attacker could possibly use this issue to downgrade

connections to plaintext authentication. (CVE-2016-2124)

Andrew Bartlett discovered that Samba incorrectly mapping domain users to

local users. An authenticated attacker could possibly use this issue to

become root on domain members. (CVE-2020-25717)

Andrew Bartlett discovered that Samba did not properly check sensitive

attributes. An authenticated attacker could possibly use this issue to

escalate privileges. (...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  samba                           2:4.7.6+dfsg~ubuntu-0ubuntu2.27

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5174-2

https://ubuntu.com/security/notices/USN-5174-1

https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1950363

Severity
critical
Lowest
Low
Medium
High
Critical

December 13, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.