Bug 24478 - ldb new security issue CVE-2019-3824
Summary: ldb new security issue CVE-2019-3824
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 24513
Reported: 2019-03-08 21:15 CET by David Walser
Modified: 2019-05-07 23:39 CEST (History)

See Also:
Source RPM: ldb-1.5.2-1.mga7.src.rpm
CVE:
Status comment:



Description David Walser 2019-03-08 21:15:16 CET
Debian has issued an advisory on February 28:
https://www.debian.org/security/2019/dsa-4397

The issue appears to have been fixed upstream in the following versions:
1.2.4, 1.3.8, 1.4.6, 1.5.4, 1.6.2

Mageia 6 is also affected.
David Walser 2019-03-08 21:15:22 CET

Whiteboard: (none) => MGA6TOO

David Walser 2019-03-08 21:24:38 CET

Severity: normal => major

Comment 1 David Walser 2019-03-09 02:59:56 CET
Slightly more informative reference:
https://www.cybersecurity-help.cz/vdb/SB2019022703?affChecked=1

Note that ldb 1.6.x is for Samba 4.11.x (1.5.x is for Samba 4.10.x).
Comment 2 Marja Van Waes 2019-03-09 07:30:05 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Also CC'ing some committers.

Assignee: bugsquad => pkg-bugs
CC: (none) => bgmilne, bruno, geiger.david68210, lists.jjorge, marja11, smelror

Comment 3 David Walser 2019-03-09 17:25:53 CET
Advisory:
========================

Updated ldb packages fix security vulnerability:

Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare()
function of ldb, resulting in denial of service (CVE-2019-3824).

The ldb package has been updated to version 1.2.4 to fix this issue.  The sssd
and samba packages have been rebuilt against the updated ldb.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3824
https://www.debian.org/security/2019/dsa-4397
========================

Updated packages in core/updates_testing:
========================
libldb1-1.2.4-1.mga6
ldb-utils-1.2.4-1.mga6
libldb-devel-1.2.4-1.mga6
python-ldb-1.2.4-1.mga6
libpyldb-util1-1.2.4-1.mga6
libpyldb-util-devel-1.2.4-1.mga6
sssd-1.13.4-9.4.mga6
sssd-common-1.13.4-9.4.mga6
sssd-client-1.13.4-9.4.mga6
libsss_sudo-1.13.4-9.4.mga6
libsss_autofs-1.13.4-9.4.mga6
sssd-tools-1.13.4-9.4.mga6
python-sssdconfig-1.13.4-9.4.mga6
python3-sssdconfig-1.13.4-9.4.mga6
python-sss-1.13.4-9.4.mga6
python3-sss-1.13.4-9.4.mga6
python-sss-murmur-1.13.4-9.4.mga6
python3-sss-murmur-1.13.4-9.4.mga6
sssd-ldap-1.13.4-9.4.mga6
sssd-krb5-common-1.13.4-9.4.mga6
sssd-krb5-1.13.4-9.4.mga6
sssd-common-pac-1.13.4-9.4.mga6
sssd-ipa-1.13.4-9.4.mga6
sssd-ad-1.13.4-9.4.mga6
sssd-proxy-1.13.4-9.4.mga6
libsss_idmap-1.13.4-9.4.mga6
libsss_idmap-devel-1.13.4-9.4.mga6
libipa_hbac-1.13.4-9.4.mga6
libipa_hbac-devel-1.13.4-9.4.mga6
python-libipa_hbac-1.13.4-9.4.mga6
python3-libipa_hbac-1.13.4-9.4.mga6
libsss_nss_idmap-1.13.4-9.4.mga6
libsss_nss_idmap-devel-1.13.4-9.4.mga6
python-libsss_nss_idmap-1.13.4-9.4.mga6
python3-libsss_nss_idmap-1.13.4-9.4.mga6
sssd-dbus-1.13.4-9.4.mga6
libsss_simpleifp-1.13.4-9.4.mga6
libsss_simpleifp-devel-1.13.4-9.4.mga6
sssd-libwbclient-1.13.4-9.4.mga6
sssd-libwbclient-devel-1.13.4-9.4.mga6
samba-4.7.12-1.2.mga6
samba-client-4.7.12-1.2.mga6
samba-common-4.7.12-1.2.mga6
samba-dc-4.7.12-1.2.mga6
libsamba-dc0-4.7.12-1.2.mga6
libkdc-samba4_2-4.7.12-1.2.mga6
libsamba-devel-4.7.12-1.2.mga6
samba-krb5-printing-4.7.12-1.2.mga6
libsamba1-4.7.12-1.2.mga6
libsmbclient0-4.7.12-1.2.mga6
libsmbclient-devel-4.7.12-1.2.mga6
libwbclient0-4.7.12-1.2.mga6
libwbclient-devel-4.7.12-1.2.mga6
python-samba-4.7.12-1.2.mga6
samba-pidl-4.7.12-1.2.mga6
samba-test-4.7.12-1.2.mga6
libsamba-test0-4.7.12-1.2.mga6
samba-winbind-4.7.12-1.2.mga6
samba-winbind-clients-4.7.12-1.2.mga6
samba-winbind-krb5-locator-4.7.12-1.2.mga6
samba-winbind-modules-4.7.12-1.2.mga6
ctdb-4.7.12-1.2.mga6
ctdb-tests-4.7.12-1.2.mga6

from SRPMS:
ldb-1.2.4-1.mga6.src.rpm
sssd-1.13.4-9.4.mga6.src.rpm
samba-4.7.12-1.2.mga6.src.rpm

Whiteboard: MGA6TOO => (none)
Assignee: pkg-bugs => qa-bugs
CC: bgmilne, bruno, geiger.david68210, lists.jjorge, marja11, smelror => (none)
Version: Cauldron => 6
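The advisory above gives the upstream releases that carry the fix (1.2.4, 1.3.8, 1.4.6, 1.5.4, 1.6.2) and a list of package NVRs. The following is an added example, not code from the bug report, from Mageia or from the ldb project: a small Python check that parses `rpm -qa`-style name-version-release strings and reports whether each ldb package's upstream version is at or above the fixed release for its branch. The package list fed to it is constructed for the example (it mixes the updated versions from the advisory with older ones), and the function and variable names are assumptions of this example.

```python
"""Check ldb package versions against the upstream fixes for CVE-2019-3824.

Added example: not part of the Mageia bug report or of the ldb project.
Fixed upstream versions are taken from the report (1.2.4, 1.3.8, 1.4.6,
1.5.4, 1.6.2). The sample rpm output below is constructed for this example.
"""
import re

# Upstream releases carrying the fix, keyed by (major, minor) branch.
FIXED_VERSIONS = {
    (1, 2): (1, 2, 4),
    (1, 3): (1, 3, 8),
    (1, 4): (1, 4, 6),
    (1, 5): (1, 5, 4),
    (1, 6): (1, 6, 2),
}

# Constructed sample of `rpm -qa 'libldb*' 'ldb-*' 'python*ldb*'` output:
# the first three NVRs are the updated packages from the advisory, the last
# two are older builds added to show how the check flags them.
SAMPLE_RPM_OUTPUT = """\
libldb1-1.2.4-1.mga6
ldb-utils-1.2.4-1.mga6
libpyldb-util1-1.2.4-1.mga6
libldb1-1.2.3-2.mga6
python-ldb-1.5.2-1.mga7
"""


def parse_nvr(nvr):
    """Split 'name-version-release' into its three parts.

    Package names may contain hyphens, so split from the right: the last two
    hyphen-separated fields are always version and release.
    """
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError("not a name-version-release string: %r" % nvr)
    return tuple(parts)


def parse_version(text):
    """Turn '1.2.4' into (1, 2, 4); only the first three numeric fields count."""
    fields = re.findall(r"\d+", text)
    if len(fields) < 3:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(f) for f in fields[:3])


def is_fixed(version):
    """True if the upstream version is on a listed branch and at/above the fix.

    Branches not listed in the report are reported as not fixed so that they
    are flagged for manual review rather than silently passed.
    """
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return False
    return v >= fixed


def check_installed(rpm_output):
    """Map each NVR line to (name, version, release, fixed?)."""
    results = []
    for line in rpm_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release = parse_nvr(line)
        results.append((name, version, release, is_fixed(version)))
    return results


if __name__ == "__main__":
    for name, version, release, ok in check_installed(SAMPLE_RPM_OUTPUT):
        status = "fixed" if ok else "NOT FIXED (review)"
        print("%-16s %-8s %-8s %s" % (name, version, release, status))
```

The check compares upstream version numbers only. Distributions sometimes backport a fix as a patch without bumping the version, so a package flagged here should be confirmed against the distribution's own advisory (for Mageia 6 the resolution of this bug, MGASA-2019-0152) before being treated as vulnerable.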

Comment 4 Herman Viaene 2019-03-11 12:15:46 CET
MGA6-32 MATE on IBM Thinkpad R50e
Skipped installation of devel packages and samba server.
At CLI:
$ smbclient -V
Version 4.7.12

$ smbclient -L mach1
Enter MYGROUP\tester6's password: 
Anonymous login successful

	Sharename       Type      Comment
	---------       ----      -------
	beelden         Disk      beelden
	video           Disk      video
	stamboomViaene  Disk      
	IPC$            IPC       IPC Service (Samba Server Version 4.7.12)
	HP-Officejet-Pro-8100 Printer   HP Officejet Pro 8100
	Boomaga         Printer   Boomaga
Reconnecting with SMB1 for workgroup listing.
Anonymous login successful

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
	VIA8ENE9             VIA8ENE9
	WORKGROUP            MACH1

That all looks OK.
$ smbclient -L mach1 -U herman -W WORKGROUP
Enter WORKGROUP\herman's password: 
session setup failed: NT_STATUS_LOGON_FAILURE
And I am quite sure I entered the correct samba-user password
Continuing later .....

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2019-03-11 14:34:22 CET
The update also includes the sssd daemon.
At CLI:
# systemctl -l status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)

# systemctl -l start sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.

# systemctl -l status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since ma 2019-03-11 14:31:48 CET; 11s ago
  Process: 20204 ExecStart=/usr/sbin/sssd -D -f (code=exited, status=4)

mrt 11 14:31:47 mach6.hviaene.thuis systemd[1]: Starting System Security Services Daemon...
mrt 11 14:31:48 mach6.hviaene.thuis sssd[20204]: Configuration file: /etc/sssd/sssd.conf does not exist
mrt 11 14:31:48 mach6.hviaene.thuis systemd[1]: sssd.service: Control process exited, code=exited statu
mrt 11 14:31:48 mach6.hviaene.thuis systemd[1]: Failed to start System Security Services Daemon.
mrt 11 14:31:48 mach6.hviaene.thuis systemd[1]: sssd.service: Unit entered failed state.
mrt 11 14:31:48 mach6.hviaene.thuis systemd[1]: sssd.service: Failed with result 'exit-code'.
Comment 6 Herman Viaene 2019-04-16 14:16:49 CEST
The sssd stuff is superseded with bug 24513.
There sssd is OK, so it is here with the newer version
Repeated the SMB tests from Comment 4 above with the same results, but after making sure about the user's password I get:
$ smbclient -L mach1 -U herman -W WORKGROUP
Enter WORKGROUP\herman's password: 

	Sharename       Type      Comment
	---------       ----      -------
	beelden         Disk      beelden
	video           Disk      video
	stamboomViaene  Disk      
	IPC$            IPC       IPC Service (Samba Server Version 4.7.12)
	herman          Disk      Home Directories
	HP-Officejet-Pro-8100 Printer   HP Officejet Pro 8100
	Boomaga         Printer   Boomaga
Reconnecting with SMB1 for workgroup listing.

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------
	MYGROUP              MACH6
	VIA8ENE9             VIA8ENE9
	WORKGROUP            MACH1

So this is OK as well.
If the higher powers agree this is enough of a test, I will not object to an OK.
David Walser 2019-04-16 14:20:56 CEST

Blocks: (none) => 24513

Comment 7 Thomas Andrews 2019-04-28 04:29:49 CEST
Going to validate both of them. Advisory for this one in Comment 3.

Whiteboard: (none) => MGA6-32-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2019-05-07 20:11:25 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 8 Mageia Robot 2019-05-07 23:39:12 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0152.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

