exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2013-299

Mandriva Linux Security Advisory 2013-299
Posted Dec 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-299 - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. The updated packages has been upgraded to the 3.6.22 version which resolves various upstream bugs and is not vulnerable to these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-6150, CVE-2013-4408
SHA-256 | 616e78bf48894f3bc5d18232a8b44d069f6ab91be39e3eb85bbad5e45a00df87

Mandriva Linux Security Advisory 2013-299

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:299
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : samba
Date : December 22, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in samba:

The winbind_name_list_to_sid_string_list function in
nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid
require_membership_of group names by accepting authentication by
any user, which allows remote authenticated users to bypass intended
access restrictions in opportunistic circumstances by leveraging an
administrator's pam_winbind configuration-file mistake (CVE-2012-6150).

Buffer overflow in the dcerpc_read_ncacn_packet_done function in
librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22,
4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain
controllers to execute arbitrary code via an invalid fragment length
in a DCE-RPC packet (CVE-2013-4408).

The updated packages has been upgraded to the 3.6.22 version which
resolves various upstream bugs and is not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://www.samba.org/samba/history/samba-3.6.21.html
http://www.samba.org/samba/history/samba-3.6.22.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
e75ca171513e6b1c54ad77fe0feeabe2 mbs1/x86_64/lib64netapi0-3.6.22-1.mbs1.x86_64.rpm
dbfc96f66f6328db3597dea747915f24 mbs1/x86_64/lib64netapi-devel-3.6.22-1.mbs1.x86_64.rpm
569452556235a2d00f3e31ca9244e99f mbs1/x86_64/lib64smbclient0-3.6.22-1.mbs1.x86_64.rpm
e45b969bcd034b37d6eea9e6438dc623 mbs1/x86_64/lib64smbclient0-devel-3.6.22-1.mbs1.x86_64.rpm
61624e0bdb59db6a7b38ff6df9b528c0 mbs1/x86_64/lib64smbclient0-static-devel-3.6.22-1.mbs1.x86_64.rpm
2cab4c1de652fdb153ffc171fd85cb13 mbs1/x86_64/lib64smbsharemodes0-3.6.22-1.mbs1.x86_64.rpm
432de62da07d76a1c6caee4f5c86b98e mbs1/x86_64/lib64smbsharemodes-devel-3.6.22-1.mbs1.x86_64.rpm
ddd929553b7ae807428e9e172295a899 mbs1/x86_64/lib64wbclient0-3.6.22-1.mbs1.x86_64.rpm
43bd4bd6c15d0dece283d1aec84a3714 mbs1/x86_64/lib64wbclient-devel-3.6.22-1.mbs1.x86_64.rpm
586fcb19209338416273009e2d7b3c8b mbs1/x86_64/nss_wins-3.6.22-1.mbs1.x86_64.rpm
d6e2b27265691f111aa364e7ae5c5276 mbs1/x86_64/samba-client-3.6.22-1.mbs1.x86_64.rpm
f66d7573d84f5238d3324748511ad2a4 mbs1/x86_64/samba-common-3.6.22-1.mbs1.x86_64.rpm
07e7710d4b9295fb62e81f23ac723bea mbs1/x86_64/samba-doc-3.6.22-1.mbs1.noarch.rpm
67ff474d324a41753f5bdfaf63fd07b3 mbs1/x86_64/samba-domainjoin-gui-3.6.22-1.mbs1.x86_64.rpm
e81a7bf8da697a055d2e980d54f7ab87 mbs1/x86_64/samba-server-3.6.22-1.mbs1.x86_64.rpm
88f34c6bff167020ffa8cb2e8b3d6e6f mbs1/x86_64/samba-swat-3.6.22-1.mbs1.x86_64.rpm
dcd6bbf7a2fb1dd95fb02f21dfb9acd0 mbs1/x86_64/samba-virusfilter-clamav-3.6.22-1.mbs1.x86_64.rpm
76ccda39bbf6b56e004e15f04ca9ff0d mbs1/x86_64/samba-virusfilter-fsecure-3.6.22-1.mbs1.x86_64.rpm
3dfe1d3ceb575288ebd711a021e20ce5 mbs1/x86_64/samba-virusfilter-sophos-3.6.22-1.mbs1.x86_64.rpm
e9fd794dbc4491dd5ca595a6cee20479 mbs1/x86_64/samba-winbind-3.6.22-1.mbs1.x86_64.rpm
1c633723bd82487b385bdf65e6ef253c mbs1/SRPMS/samba-3.6.22-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFStvLSmqjQ0CJFipgRArQbAJ92lnIbHg7gbCGhOZyU2Dq8m6loNwCfetCt
p5/1VzCAcokyiwxibLK14xY=
=JHLU
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close