Bug 11871

Summary: samba new security issues CVE-2012-6150 and CVE-2013-4408
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 3Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/576257/
Whiteboard: advisory mga3-32-ok mga3-64-ok
Source RPM: samba-3.6.15-1.2.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-12-04 16:29:17 CET 
A CVE was allocated for a security issue fixed upstream on December 2:
http://openwall.com/lists/oss-security/2013/12/03/5

The patch was obtained from the upstream bug:
https://bugzilla.samba.org/show_bug.cgi?id=10300
https://attachments.samba.org/attachment.cgi?id=9499

Fixed in samba-3.6.21-2.mga4 for Cauldron.  Patch added in Mageia 3 SVN.

RedHat has rated it as low severity and hasn't taken any action on it yet:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6150

Upstream also hasn't issued new versions with the fix yet (though the fix is committed in the various branches), so maybe we don't need to push this yet.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-12-10 00:35:42 CET 
Debian has issued an advisory today (December 9):
http://www.debian.org/security/2013/dsa-2812

This fixes an additional issue, CVE-2013-4408.

RedHat has rated it as a high severity issue:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4408

Patched packages uploaded for Mageia 3 and Cauldron.

Advisory:
========================

Updated samba packages fix security vulnerabilities:

Samba before 3.6.22 incorrectly allows login from authenticated users if the
require_membership_of parameter of pam_winbind specifies only invalid group
names (CVE-2012-6150).

It was discovered that multiple buffer overflows in the processing of DCE-RPC
packets may lead to the execution of arbitrary code (CVE-2013-4408).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://www.samba.org/samba/security/CVE-2012-6150
http://www.samba.org/samba/security/CVE-2013-4408
http://www.debian.org/security/2013/dsa-2812
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.15-1.3.mga3
samba-client-3.6.15-1.3.mga3
samba-common-3.6.15-1.3.mga3
samba-doc-3.6.15-1.3.mga3
samba-swat-3.6.15-1.3.mga3
samba-winbind-3.6.15-1.3.mga3
nss_wins-3.6.15-1.3.mga3
libsmbclient0-3.6.15-1.3.mga3
libsmbclient0-devel-3.6.15-1.3.mga3
libsmbclient0-static-devel-3.6.15-1.3.mga3
libnetapi0-3.6.15-1.3.mga3
libnetapi-devel-3.6.15-1.3.mga3
libsmbsharemodes0-3.6.15-1.3.mga3
libsmbsharemodes-devel-3.6.15-1.3.mga3
libwbclient0-3.6.15-1.3.mga3
libwbclient-devel-3.6.15-1.3.mga3
samba-virusfilter-clamav-3.6.15-1.3.mga3
samba-virusfilter-fsecure-3.6.15-1.3.mga3
samba-virusfilter-sophos-3.6.15-1.3.mga3
samba-domainjoin-gui-3.6.15-1.3.mga3

from samba-3.6.15-1.3.mga3.src.rpm

URL: (none) => http://lwn.net/Vulnerabilities/576257/
Assignee: bugsquad => qa-bugs
Summary: samba new security issue CVE-2012-6150 => samba new security issues CVE-2012-6150 and CVE-2013-4408
Severity: normal => critical

Comment 2 David Walser 2013-12-11 21:00:54 CET 
Ubuntu has issued an advisory for this today (December 11):
http://www.ubuntu.com/usn/usn-2054-1/

LWN reference for CVE-2012-6150:
http://lwn.net/Vulnerabilities/576621/
Comment 3 claire robinson 2013-12-12 16:53:00 CET 
Testing complete mga3 32 & 64

Mounted a share in each direction.

Advisory uploaded. Validating.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: (none) => advisory mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2013-12-12 23:26:15 CET 
Update pushed:
http://advisories.mageia.org/MGASA-2013-0369.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED