ESB-2018.3687 - [Debian] samba: Denial of service - Existing account 2018-11-28


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3687
                           samba security update
                             28 November 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           samba
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-16851 CVE-2018-16841 CVE-2018-14629

Reference:         ESB-2018.3683

Original Bulletin: 
   http://www.debian.org/security/2018/dsa-4345

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4345-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 27, 2018                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : samba
CVE ID         : CVE-2018-14629 CVE-2018-16841 CVE-2018-16851

Several vulnerabilities have been discovered in Samba, an SMB/CIFS file,
print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2018-14629

    Florian Stuelpner discovered that Samba is vulnerable to
    infinite query recursion caused by CNAME loops, resulting in
    denial of service.

    https://www.samba.org/samba/security/CVE-2018-14629.html

CVE-2018-16841

    Alex MacCuish discovered that a user with a valid certificate or
    smart card can crash the Samba AD DC's KDC when configured to accept
    smart-card authentication.

    https://www.samba.org/samba/security/CVE-2018-16841.html

CVE-2018-16851

    Garming Sam of the Samba Team and Catalyst discovered a NULL pointer
    dereference vulnerability in the Samba AD DC LDAP server allowing a
    user able to read more than 256MB of LDAP entries to crash the Samba
    AD DC's LDAP server.

    https://www.samba.org/samba/security/CVE-2018-16851.html

For the stable distribution (stretch), these problems have been fixed in
version 2:4.5.12+dfsg-2+deb9u4.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/samba

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
