Bug 9610

Summary: samba new security issue CVE-2013-0454
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: has_procedure mga2-32-ok mga2-64-ok
Source RPM: samba-3.6.5-2.1.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-04-03 23:52:52 CEST 
Upstream has announced a security issue that affected 3.6.0-3.6.5:
http://www.samba.org/samba/latest_news.html#CVE-2013-0454

This was fixed upstream on February 1, 2012 and announced April 2, 2013.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated samba packages fix security vulnerability:

The SMB2 implementation in Samba 3.6.x before 3.6.6 does not properly enforce
CIFS share attributes, which allows remote authenticated users to (1) write to
a read-only share; (2) trigger data-integrity problems related to the oplock,
locking, coherency, or leases attribute; or (3) have an unspecified impact by
leveraging incorrect handling of the browseable or "hide unreadable" parameter
(CVE-2013-0454).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.2.mga2
samba-client-3.6.5-2.2.mga2
samba-common-3.6.5-2.2.mga2
samba-doc-3.6.5-2.2.mga2
samba-swat-3.6.5-2.2.mga2
samba-winbind-3.6.5-2.2.mga2
nss_wins-3.6.5-2.2.mga2
libsmbclient0-3.6.5-2.2.mga2
libsmbclient0-devel-3.6.5-2.2.mga2
libsmbclient0-static-devel-3.6.5-2.2.mga2
libnetapi0-3.6.5-2.2.mga2
libnetapi-devel-3.6.5-2.2.mga2
libsmbsharemodes0-3.6.5-2.2.mga2
libsmbsharemodes-devel-3.6.5-2.2.mga2
libwbclient0-3.6.5-2.2.mga2
libwbclient-devel-3.6.5-2.2.mga2
samba-virusfilter-clamav-3.6.5-2.2.mga2
samba-virusfilter-fsecure-3.6.5-2.2.mga2
samba-virusfilter-sophos-3.6.5-2.2.mga2
samba-domainjoin-gui-3.6.5-2.2.mga2

from samba-3.6.5-2.2.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-04-04 17:52:34 CEST 
Updating the severity and references.

Advisory:
========================

Updated samba packages fix security vulnerability:

The SMB2 implementation in Samba 3.6.x before 3.6.6 does not properly enforce
CIFS share attributes, which allows remote authenticated users to (1) write to
a read-only share; (2) trigger data-integrity problems related to the oplock,
locking, coherency, or leases attribute; or (3) have an unspecified impact by
leveraging incorrect handling of the browseable or "hide unreadable" parameter
(CVE-2013-0454).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
https://www.samba.org/samba/security/CVE-2013-0454
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.2.mga2
samba-client-3.6.5-2.2.mga2
samba-common-3.6.5-2.2.mga2
samba-doc-3.6.5-2.2.mga2
samba-swat-3.6.5-2.2.mga2
samba-winbind-3.6.5-2.2.mga2
nss_wins-3.6.5-2.2.mga2
libsmbclient0-3.6.5-2.2.mga2
libsmbclient0-devel-3.6.5-2.2.mga2
libsmbclient0-static-devel-3.6.5-2.2.mga2
libnetapi0-3.6.5-2.2.mga2
libnetapi-devel-3.6.5-2.2.mga2
libsmbsharemodes0-3.6.5-2.2.mga2
libsmbsharemodes-devel-3.6.5-2.2.mga2
libwbclient0-3.6.5-2.2.mga2
libwbclient-devel-3.6.5-2.2.mga2
samba-virusfilter-clamav-3.6.5-2.2.mga2
samba-virusfilter-fsecure-3.6.5-2.2.mga2
samba-virusfilter-sophos-3.6.5-2.2.mga2
samba-domainjoin-gui-3.6.5-2.2.mga2

from samba-3.6.5-2.2.mga2.src.rpm

Severity: normal => major

Comment 2 claire robinson 2013-04-09 11:04:35 CEST 
No public PoC's

Procedure: https://bugs.mageia.org/show_bug.cgi?id=8907#c2

Whiteboard: (none) => has_procedure

Comment 3 claire robinson 2013-04-09 13:00:52 CEST 
Testing i586 to x86_64 and x86_64 to i586

Still problems with MCC diskdrake. One way it finds a server and shares, the other way it doesn't, only itself. Manually mounting with mount -t cifs //host/share /mnt/point -o password=<pass>,username=<user> works fine though.

samba-swat accessible on both at http://localhost:901 after changing disable to no in /etc/xinetd.d/swat and restarting xinetd service.

Validating

Advisory & srpm in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2013-04-10 00:07:33 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0114

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED