Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Mandriva: 2013:299: samba Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple vulnerabilities has been discovered and corrected in samba: The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by [More...]

 Mandriva Linux Security Advisory                         MDVSA-2013:299

 Package : samba
 Date    : December 22, 2013
 Affected: Business Server 1.0

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in samba:
 The winbind_name_list_to_sid_string_list function in
 nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid
 require_membership_of group names by accepting authentication by
 any user, which allows remote authenticated users to bypass intended
 access restrictions in opportunistic circumstances by leveraging an
 administrator's pam_winbind configuration-file mistake (CVE-2012-6150).
 Buffer overflow in the dcerpc_read_ncacn_packet_done function in
 librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22,
 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain
 controllers to execute arbitrary code via an invalid fragment length
 in a DCE-RPC packet (CVE-2013-4408).
 The updated packages has been upgraded to the 3.6.22 version which
 resolves various upstream bugs and is not vulnerable to these issues.


 Updated Packages:

 Mandriva Business Server 1/X86_64:
 e75ca171513e6b1c54ad77fe0feeabe2  mbs1/x86_64/lib64netapi0-3.6.22-1.mbs1.x86_64.rpm
 dbfc96f66f6328db3597dea747915f24  mbs1/x86_64/lib64netapi-devel-3.6.22-1.mbs1.x86_64.rpm
 569452556235a2d00f3e31ca9244e99f  mbs1/x86_64/lib64smbclient0-3.6.22-1.mbs1.x86_64.rpm
 e45b969bcd034b37d6eea9e6438dc623  mbs1/x86_64/lib64smbclient0-devel-3.6.22-1.mbs1.x86_64.rpm
 61624e0bdb59db6a7b38ff6df9b528c0  mbs1/x86_64/lib64smbclient0-static-devel-3.6.22-1.mbs1.x86_64.rpm
 2cab4c1de652fdb153ffc171fd85cb13  mbs1/x86_64/lib64smbsharemodes0-3.6.22-1.mbs1.x86_64.rpm
 432de62da07d76a1c6caee4f5c86b98e  mbs1/x86_64/lib64smbsharemodes-devel-3.6.22-1.mbs1.x86_64.rpm
 ddd929553b7ae807428e9e172295a899  mbs1/x86_64/lib64wbclient0-3.6.22-1.mbs1.x86_64.rpm
 43bd4bd6c15d0dece283d1aec84a3714  mbs1/x86_64/lib64wbclient-devel-3.6.22-1.mbs1.x86_64.rpm
 586fcb19209338416273009e2d7b3c8b  mbs1/x86_64/nss_wins-3.6.22-1.mbs1.x86_64.rpm
 d6e2b27265691f111aa364e7ae5c5276  mbs1/x86_64/samba-client-3.6.22-1.mbs1.x86_64.rpm
 f66d7573d84f5238d3324748511ad2a4  mbs1/x86_64/samba-common-3.6.22-1.mbs1.x86_64.rpm
 07e7710d4b9295fb62e81f23ac723bea  mbs1/x86_64/samba-doc-3.6.22-1.mbs1.noarch.rpm
 67ff474d324a41753f5bdfaf63fd07b3  mbs1/x86_64/samba-domainjoin-gui-3.6.22-1.mbs1.x86_64.rpm
 e81a7bf8da697a055d2e980d54f7ab87  mbs1/x86_64/samba-server-3.6.22-1.mbs1.x86_64.rpm
 88f34c6bff167020ffa8cb2e8b3d6e6f  mbs1/x86_64/samba-swat-3.6.22-1.mbs1.x86_64.rpm
 dcd6bbf7a2fb1dd95fb02f21dfb9acd0  mbs1/x86_64/samba-virusfilter-clamav-3.6.22-1.mbs1.x86_64.rpm
 76ccda39bbf6b56e004e15f04ca9ff0d  mbs1/x86_64/samba-virusfilter-fsecure-3.6.22-1.mbs1.x86_64.rpm
 3dfe1d3ceb575288ebd711a021e20ce5  mbs1/x86_64/samba-virusfilter-sophos-3.6.22-1.mbs1.x86_64.rpm
 e9fd794dbc4491dd5ca595a6cee20479  mbs1/x86_64/samba-winbind-3.6.22-1.mbs1.x86_64.rpm 
 1c633723bd82487b385bdf65e6ef253c  mbs1/SRPMS/samba-3.6.22-1.mbs1.src.rpm

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.