Bug 26893 - samba new security issues CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303
Summary: samba new security issues CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK MGA7-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-07-02 23:20 CEST by David Walser
Modified: 2020-07-10 10:02 CEST (History)

See Also:
Source RPM: samba-4.10.15-1.mga7.src.rpm
CVE:
Status comment:

Comment 1 David Walser 2020-07-02 23:20:40 CEST
Note that there's also a bugfix update 4.12.5:
https://www.samba.org/samba/history/samba-4.12.5.html

Whiteboard: (none) => MGA7TOO

Comment 2 Buchan Milne 2020-07-05 22:05:26 CEST
Cauldron:
SRPMS: 
ldb-2.1.4-1.mga8
samba-4.12.5-1.mga8

7 updates_testing:
SRPMS:
ldb-1.5.8-1.mga7
samba-4.10.17-1.mga7 (currently building)

Status: NEW => ASSIGNED
CC: (none) => bgmilne
Assignee: bgmilne => bugsquad

Comment 3 David Walser 2020-07-05 23:16:01 CEST
Advisory:
========================

Updated samba packages fix security vulnerabilities:

Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries.
A remote attacker could use this issue to cause Samba to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2020-10730).

Douglas Bagnall discovered that Samba incorrectly handled certain queries. A
remote attacker could possibly use this issue to cause a denial of service
(CVE-2020-10745).

Andrei Popa discovered that Samba incorrectly handled certain LDAP queries. A
remote attacker could use this issue to cause Samba to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2020-10760).

The AD DC NBT server in Samba 4.0 will enter a CPU spin and not process further
requests once it receives an empty (zero-length) UDP packet to port 137
(CVE-2020-14303).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14303
https://www.samba.org/samba/security/CVE-2020-10730.html
https://www.samba.org/samba/security/CVE-2020-10745.html
https://www.samba.org/samba/security/CVE-2020-10760.html
https://www.samba.org/samba/security/CVE-2020-14303.html
https://www.samba.org/samba/history/samba-4.10.17.html
https://ubuntu.com/security/notices/USN-4409-1
========================

Updated packages in core/updates_testing:
========================
libldb1-1.5.8-1.mga7
ldb-utils-1.5.8-1.mga7
libldb-devel-1.5.8-1.mga7
python2-ldb-1.5.8-1.mga7
python3-ldb-1.5.8-1.mga7
libpyldb-util1-1.5.8-1.mga7
libpyldb-util-devel-1.5.8-1.mga7
samba-4.10.17-1.mga7
samba-client-4.10.17-1.mga7
samba-common-4.10.17-1.mga7
samba-dc-4.10.17-1.mga7
libsamba-dc0-4.10.17-1.mga7
libkdc-samba4_2-4.10.17-1.mga7
libheimntlm-samba4_1-4.10.17-1.mga7
libsamba-devel-4.10.17-1.mga7
samba-krb5-printing-4.10.17-1.mga7
libsamba1-4.10.17-1.mga7
libsmbclient0-4.10.17-1.mga7
libsmbclient-devel-4.10.17-1.mga7
libwbclient0-4.10.17-1.mga7
libwbclient-devel-4.10.17-1.mga7
python2-samba-4.10.17-1.mga7
python3-samba-4.10.17-1.mga7
samba-pidl-4.10.17-1.mga7
samba-test-4.10.17-1.mga7
libsamba-test0-4.10.17-1.mga7
samba-winbind-4.10.17-1.mga7
samba-winbind-clients-4.10.17-1.mga7
samba-winbind-krb5-locator-4.10.17-1.mga7
samba-winbind-modules-4.10.17-1.mga7
ctdb-4.10.17-1.mga7
ctdb-tests-4.10.17-1.mga7

from SRPMS:
ldb-1.5.8-1.mga7.src.rpm
samba-4.10.17-1.mga7.src.rpm

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs
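The package list above gives the fixed version-release for each of the two source RPMs on Mageia 7 (samba 4.10.17-1.mga7, ldb 1.5.8-1.mga7). The script below is an added example, not code from this bug report, from Mageia or from Samba: it reads `rpm -qa` output and flags any binary package built from those two source RPMs that is still below the fixed version. The binary-to-source mapping is taken from the list above; the version comparison is a simplified reimplementation of rpm's rpmvercmp (no epoch, `~` or `^` handling); the sample input is constructed, with 1.5.7-1.mga7 being a made-up older ldb version.

```python
"""Flag Samba/ldb packages still below the fixed versions from the advisory.

Added example, not part of the bug report.  Reads `rpm -qa`-style lines and
reports any package built from the samba or ldb source RPM whose
version-release is older than the fixed one.  The version comparison is a
simplified reimplementation of rpmvercmp (no epoch, '~' or '^' handling).
"""
import re
import sys

# Fixed version-release per source package, from the advisory.
FIXED = {"ldb": "1.5.8-1.mga7", "samba": "4.10.17-1.mga7"}

# Binary package -> source package, from the updates_testing list.
# x86_64 multilib names (lib64...) are normalised to lib... before lookup.
_LDB_PKGS = ("libldb1 ldb-utils libldb-devel python2-ldb python3-ldb "
             "libpyldb-util1 libpyldb-util-devel").split()
_SAMBA_PKGS = ("samba samba-client samba-common samba-dc libsamba-dc0 "
               "libkdc-samba4_2 libheimntlm-samba4_1 libsamba-devel "
               "samba-krb5-printing libsamba1 libsmbclient0 libsmbclient-devel "
               "libwbclient0 libwbclient-devel python2-samba python3-samba "
               "samba-pidl samba-test libsamba-test0 samba-winbind "
               "samba-winbind-clients samba-winbind-krb5-locator "
               "samba-winbind-modules ctdb ctdb-tests").split()
PACKAGES = {p: "ldb" for p in _LDB_PKGS}
PACKAGES.update({p: "samba" for p in _SAMBA_PKGS})

_ARCH_SUFFIX = re.compile(r"\.(x86_64|i586|i686|noarch)$")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does, simplified.

    Strings are split into runs of digits and runs of letters; digit runs are
    compared numerically, letter runs lexically, and a digit run is always
    newer than a letter run.  If one string runs out of segments first, the
    longer one is newer.  Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare 'version-release' strings; release decides only on equal version."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nevra(line):
    """'name-version-release[.arch]' -> (name, 'version-release'), or None."""
    parts = _ARCH_SUFFIX.sub("", line.strip()).rsplit("-", 2)
    if len(parts) != 3:
        return None
    name, version, release = parts
    return name, version + "-" + release


def find_unpatched(rpm_lines):
    """Return [(package, installed_evr, fixed_evr)] for packages below the fix."""
    unpatched = []
    for line in rpm_lines:
        parsed = parse_nevra(line)
        if parsed is None:
            continue
        name, evr = parsed
        source = PACKAGES.get(re.sub(r"^lib64", "lib", name))
        if source is not None and evr_cmp(evr, FIXED[source]) < 0:
            unpatched.append((name, evr, FIXED[source]))
    return unpatched


# Constructed sample: one box half-way through the update.  4.10.15-1.mga7 is
# the pre-update source RPM on this bug; 1.5.7-1.mga7 is a made-up older ldb.
SAMPLE_RPM_QA = [
    "samba-4.10.17-1.mga7.x86_64",
    "samba-client-4.10.15-1.mga7.x86_64",
    "lib64ldb1-1.5.7-1.mga7.x86_64",
    "python3-ldb-1.5.8-1.mga7.x86_64",
    "bash-5.0-1.mga7.x86_64",
]

if __name__ == "__main__":
    # Usage: rpm -qa | python3 check_samba_update.py   (sample data on a tty)
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_RPM_QA
    for name, have, need in find_unpatched(lines):
        print(f"{name}: installed {have}, fixed in {need}")
```

Run it as `rpm -qa | python3 check_samba_update.py`; an empty result means every samba and ldb package on the box is at or above the fixed version. The check only looks at what is installed: as the QA reports below show, the running smbd/nmbd still have to be restarted (or the box rebooted) before the new code is actually serving requests.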

Comment 4 Brian Rockwell 2020-07-07 17:28:38 CEST
This is an upgrade from existing on an x86_64 box.

$ uname -a
Linux linux.local 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Gnome

- ldb-utils-1.5.8-1.mga7.x86_64
- lib64ldb1-1.5.8-1.mga7.x86_64
- lib64pyldb-util1-1.5.8-1.mga7.x86_64
- lib64samba-dc0-4.10.17-1.mga7.x86_64
- lib64samba-test0-4.10.17-1.mga7.x86_64
- lib64samba1-4.10.17-1.mga7.x86_64
- lib64smbclient0-4.10.17-1.mga7.x86_64
- lib64wbclient0-4.10.17-1.mga7.x86_64
- python2-ldb-1.5.8-1.mga7.x86_64
- python3-ldb-1.5.8-1.mga7.x86_64
- python3-samba-4.10.17-1.mga7.x86_64
- samba-4.10.17-1.mga7.x86_64
- samba-client-4.10.17-1.mga7.x86_64
- samba-common-4.10.17-1.mga7.x86_64
- samba-dc-4.10.17-1.mga7.x86_64
- samba-winbind-4.10.17-1.mga7.x86_64
- samba-winbind-clients-4.10.17-1.mga7.x86_64
- samba-winbind-krb5-locator-4.10.17-1.mga7.x86_64
- samba-winbind-modules-4.10.17-1.mga7.x86_64

-- rebooted --

after reboot

root      1298     1  0 10:05 ?        00:00:00 /usr/sbin/smbd --foreground --no-process-group
root      1895  1298  0 10:05 ?        00:00:00 /usr/sbin/smbd --foreground --no-process-group
root      1896  1298  0 10:05 ?        00:00:00 /usr/sbin/smbd --foreground --no-process-group
root      1900  1298  0 10:05 ?        00:00:00 /usr/sbin/smbd --foreground --no-process-group

Configured ipv6 and ipv4 firewalls
-- connected from a windows 10 PC --

Able to transfer files to the server.

Working for me.

CC: (none) => brtians1

Comment 5 Brian Rockwell 2020-07-07 19:46:36 CEST
$ uname -a
Linux localhost 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux


----
- ldb-utils-1.5.8-1.mga7.x86_64
- lib64heimntlm-samba4_1-4.10.17-1.mga7.x86_64
- lib64kdc-samba4_2-4.10.17-1.mga7.x86_64
- lib64ldb1-1.5.8-1.mga7.x86_64
- lib64samba-dc0-4.10.17-1.mga7.x86_64
- lib64samba1-4.10.17-1.mga7.x86_64
- lib64smbclient0-4.10.17-1.mga7.x86_64
- lib64wbclient0-4.10.17-1.mga7.x86_64
- samba-client-4.10.17-1.mga7.x86_64
- samba-common-4.10.17-1.mga7.x86_64

---rebooted---

Able to transfer files between systems. Working as needed.

Whiteboard: (none) => MGA7-64-OK

Comment 6 Brian Rockwell 2020-07-08 05:43:56 CEST
$ uname -a
Linux localhost 5.6.14-server-2.mga7 #1 SMP Thu May 21 00:23:13 UTC 2020 i686 i686 i386 GNU/Linux

----

- ldb-utils-1.5.8-1.mga7.i586
- libheimntlm-samba4_1-4.10.17-1.mga7.i586
- libkdc-samba4_2-4.10.17-1.mga7.i586
- libldb1-1.5.8-1.mga7.i586
- libsamba-dc0-4.10.17-1.mga7.i586
- libsamba1-4.10.17-1.mga7.i586
- libsmbclient0-4.10.17-1.mga7.i586
- libwbclient0-4.10.17-1.mga7.i586
- samba-4.10.17-1.mga7.i586
- samba-client-4.10.17-1.mga7.i586
- samba-common-4.10.17-1.mga7.i586

----

rebooted

It operated normally as a samba server - no issues identified.

Whiteboard: MGA7-64-OK => MGA7-64-OK MGA7-32-OK

Comment 7 Thomas Andrews 2020-07-08 21:00:24 CEST
Thank you, Brian. Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Nicolas Lécureuil 2020-07-10 09:28:29 CEST

Keywords: (none) => advisory
CC: (none) => mageia

Comment 8 Mageia Robot 2020-07-10 10:02:18 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0289.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED