Samba has issued an advisory on September 18:
https://www.samba.org/samba/security/CVE-2020-1472.html
The issue is fixed upstream in 4.10.18 and 4.12.7:
https://www.samba.org/samba/history/samba-4.10.18.html
https://www.samba.org/samba/history/samba-4.12.7.html
Mageia 7 is also affected (though we're not affected in the default configuration).
Whiteboard: (none) => MGA7TOO
Ubuntu has issued an advisory for this on September 17: https://ubuntu.com/security/notices/USN-4510-1
Severity: normal => major
4.10.18 submitted to core/updates_testing for mga7 from r1630707
4.12.7 in progress for cauldron
Package list for Mageia 7:
samba-4.10.18-1.mga7
samba-client-4.10.18-1.mga7
samba-common-4.10.18-1.mga7
samba-dc-4.10.18-1.mga7
libsamba-dc0-4.10.18-1.mga7
libkdc-samba4_2-4.10.18-1.mga7
libheimntlm-samba4_1-4.10.18-1.mga7
libsamba-devel-4.10.18-1.mga7
samba-krb5-printing-4.10.18-1.mga7
libsamba1-4.10.18-1.mga7
libsmbclient0-4.10.18-1.mga7
libsmbclient-devel-4.10.18-1.mga7
libwbclient0-4.10.18-1.mga7
libwbclient-devel-4.10.18-1.mga7
python2-samba-4.10.18-1.mga7
python3-samba-4.10.18-1.mga7
samba-pidl-4.10.18-1.mga7
samba-test-4.10.18-1.mga7
libsamba-test0-4.10.18-1.mga7
samba-winbind-4.10.18-1.mga7
samba-winbind-clients-4.10.18-1.mga7
samba-winbind-krb5-locator-4.10.18-1.mga7
samba-winbind-modules-4.10.18-1.mga7
ctdb-4.10.18-1.mga7
ctdb-tests-4.10.18-1.mga7
samba-4.12.7-1.mga8 uploaded for Cauldron by Buchan.
Mageia 7 package list in Comment 3.

Advisory:
========================

Updated samba packages fix security vulnerability:

When Samba is used as a domain controller, an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw (CVE-2020-1472).

Note that Samba installations are not vulnerable unless they have the smb.conf lines 'server schannel = no' or 'server schannel = auto'.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472
https://www.samba.org/samba/history/samba-4.10.18.html
https://www.samba.org/samba/security/CVE-2020-1472.html
CC: (none) => bgmilne
Version: Cauldron => 7
Source RPM: samba-4.12.6-1.mga8.src.rpm, samba-4.10.17-1.mga7.src.rpm => samba-4.10.17-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Assignee: bgmilne => qa-bugs
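The smb.conf condition in the advisory above can be checked mechanically. This is an added example, not part of the bug report or of Samba: the function names and the sample configuration are constructed, and `include` directives are not followed.

```python
import re

# Settings the advisory names as leaving the netlogon flaw exploitable.
WEAK = {"no", "auto"}

# Constructed sample, not taken from any real host.
SAMPLE = """\
[global]
   workgroup = MYGROUP
   ; server schannel = no
   Server  SChannel = Auto
[share]
   path = /srv/share
"""

def logical_lines(text):
    """Yield (first_lineno, line), joining backslash-continued lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def audit_schannel(text):
    """Return (lineno, section, value, verdict) for each 'server schannel' line."""
    findings, section = [], None
    for lineno, line in logical_lines(text):
        s = line.strip()
        if not s or s[0] in "#;":          # blank or comment line
            continue
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1].strip().lower()
            continue
        name, sep, value = s.partition("=")
        # smb.conf parameter names ignore case and embedded whitespace.
        if not sep or re.sub(r"\s+", "", name).lower() != "serverschannel":
            continue
        v = value.strip().lower()
        verdict = "ok" if v == "yes" else "vulnerable" if v in WEAK else "review"
        findings.append((lineno, section, v, verdict))
    return findings

if __name__ == "__main__":
    for lineno, section, value, verdict in audit_schannel(SAMPLE):
        print(f"line {lineno} [{section}] server schannel = {value}: {verdict}")
```

An empty result means the parameter is not set in the file, so the default applies; any value other than a literal `yes`, `no` or `auto` is reported as `review` rather than guessed at.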
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 26566 Comment 4 for testing
Used MCC to do basic setup of samba server, used webmin to define samba users
Could connect to my own samba server from this laptop by:
$ smbclient //mach1/herman -U herman
Enter MYGROUP\herman's password:
Try "help" to get a list of possible commands.
smb: \> help
? allinfo altname archive backup
blocksize cancel case_sensitive cd chmod
chown close del deltree dir
du echo exit get getfacl
geteas hardlink help history iosize
lcd link lock lowercase ls
l mask md mget mkdir
more mput newer notify open
posix posix_encrypt posix_open posix_mkdir posix_rmdir
posix_unlink posix_whoami print prompt put
pwd q queue quit readlink
rd recurse reget rename reput
rm rmdir showacls setea setmode
scopy stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect tcon
tdis tid utimes logoff ..
!
smb: \> pwd
Current directory is \\mach1\herman\
smb: \> ls
. D 0 Mon Sep 28 11:26:20 2020
.. D 0 Fri Sep 4 10:06:10 2020
Viaene-2020-08-07-17-48-13.gramps N 509508 Fri Aug 7 17:48:17 2020
rpmbuild D 0 Sun Aug 16 11:16:34 2020
idkaartherman.jpg N 235947 Thu Sep 23 17:27:46 2010
Watteeuw-2020-08-29-14-22-33.gramps N 678052 Sat Aug 29 14:22:37 2020
kerst2015nedklein.ppsx N 1514274 Fri Dec 25 20:05:05 2015
.gnucash DH 0 Sun Dec 29 11:33:23 2019
ipv6.html N 22650 Tue Dec 29 12:35:25 2009
CV muzikaal.odt N 11374 Sat May 28 09:04:16 2016
Picture1.jpg N 118784 Tue Dec 29 12:35:24 2009
atl.dll N 73785 Tue Dec 29 12:35:24 2009
IP-Masquerade-HOWTO-5.html N 22228 Tue Dec 29 12:35:24 2009
montage.pdf N 5889267 Fri Jan 10 09:31:57 2014
vis.mp3 N 160344 Tue Dec 29 12:35:25 2009
index.php N 72003 Tue Dec 29 12:35:25 2009
DATA D 0 Mon Jul 27 11:15:39 2020
.VirtualBox DH 0 Fri Aug 28 14:39:45 2020
oraInventory D 0 Sun May 13 17:16:34 2018
audacity2.0-herman D 0 Mon Jul 27 11:14:53 2020
and a lot more.
Did the same from my desktop to the samba server on this laptop, equally successful.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
On mga7-64 kernel-desktop plasma

packages installed cleanly:
- lib64gnutls30-3.6.15-1.mga7.x86_64
- lib64heimntlm-samba4_1-4.10.18-1.mga7.x86_64
- lib64kdc-samba4_2-4.10.18-1.mga7.x86_64
- lib64samba-dc0-4.10.18-1.mga7.x86_64
- lib64samba1-4.10.18-1.mga7.x86_64
- lib64smbclient0-4.10.18-1.mga7.x86_64
- lib64wbclient0-4.10.18-1.mga7.x86_64
- samba-4.10.18-1.mga7.x86_64
- samba-client-4.10.18-1.mga7.x86_64
- samba-common-4.10.18-1.mga7.x86_64

I have r/w access to a share on this system from another system on the LAN
I have r/w access to a share on another system on the LAN from this system

looks OK for mga7-64
CC: (none) => jim
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0380.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED