You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa samba

Sigurnosni nedostaci programskog paketa samba

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2257-1
June 26, 2014

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

Christof Schmitt discovered that Samba incorrectly initialized a certain
response field when vfs shadow copy was enabled. A remote authenticated
attacker could use this issue to possibly obtain sensitive information.
This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178)

It was discovered that the Samba internal DNS server incorrectly handled QR
fields when processing incoming DNS messages. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239)

Daniel Berteaud discovered that the Samba NetBIOS name service daemon
incorrectly handled certain malformed packets. A remote attacker could use
this issue to cause Samba to consume resources, resulting in a denial of
service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and
Ubuntu 14.04 LTS. (CVE-2014-0244)

Simon Arlott discovered that Samba incorrectly handled certain unicode path
names. A remote authenticated attacker could use this issue to cause Samba
to stop responding, resulting in a denial of service. (CVE-2014-3493)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
samba 2:4.1.6+dfsg-1ubuntu2.14.04.2

Ubuntu 13.10:
samba 2:3.6.18-1ubuntu3.3

Ubuntu 12.04 LTS:
samba 2:3.6.3-2ubuntu2.11

Ubuntu 10.04 LTS:
samba 2:3.4.7~dfsg-1ubuntu3.15

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2257-1
CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.1.6+dfsg-1ubuntu2.14.04.2
https://launchpad.net/ubuntu/+source/samba/2:3.6.18-1ubuntu3.3
https://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.11
https://launchpad.net/ubuntu/+source/samba/2:3.4.7~dfsg-1ubuntu3.15

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTrGUVAAoJEGVp2FWnRL6TPbwP/A5DkuMoJILoeReL9iVlQrH0
AdKWGPwBdsItppKaehxZIvOAZou6dAEu5p9cbcNdop2HTewZkvK5xj5Nai9ktX7A
ZlP6hxyEVtAte6AqOFjUZ9r7TsHOgfncmY/34Z7M+j7isLtFjVM4Pb22WjtaauL0
exfvpLa5n/Cdzj/cGNQeInraY77DFzTAGAIpw3MNCEN9Bj2CSxkZtHVQgmPhzQdy
vSojhcaUB1UYQ/857A5sVtMJCAl9kPOWAJvb3rGJoGBCx5s+rkDT0ElP5JHlwWpu
Y3PmA1BnO74PnIlLLPIA2GulP+4d3BJn1FkDjK8iFOpKcdORrhL82pC5R6Qdn5lD
hknFJ+WyNpo0BAZWD159rRZy+pN1taj7+kqfirWhIvdJEvaiJuI0jbke9FiRPzua
x1zB/52OdY5l1fxnhaafV6XHuR9OQ92NGhJMdbn/MyqMKVw/TQE9Io0lpAmBoY76
8DkuLsh+R8lHOgcrsqumHHym5V+ggbCFQaLX/u/zkJpfDREYuHbC8BOXfPeJyX52
aKQcI+kxcG3vYfwfdZj3jAyoIIChnMx+S/AkK+eBQMS0qcYOMBhJBxHV4x4uvuPh
m/vbELpIotFs1WPx0O680zbZS/WVjjiEI3Rz8QksAubv32zwyPl0pwuIEGj9N8dd
V129KS3lBc6PKt8bU4YH
=tdV4
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-06-0022-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni nedostatak programskih paketa gnupg i gnupg2

Otkriven je sigurnosni nedostatak u programskim paketima gnupg i gnupg2. Otkriveni nedostatak je uzrokovan neispravnim rukovanjem s OpenPGP porukama. Potencijalnim...

Close