Upstream has announced a security issue that affected 3.6.0-3.6.5:
http://www.samba.org/samba/latest_news.html#CVE-2013-0454

This was fixed upstream on February 1, 2012 and announced April 2, 2013.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated samba packages fix security vulnerability:

The SMB2 implementation in Samba 3.6.x before 3.6.6 does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter (CVE-2013-0454).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.2.mga2
samba-client-3.6.5-2.2.mga2
samba-common-3.6.5-2.2.mga2
samba-doc-3.6.5-2.2.mga2
samba-swat-3.6.5-2.2.mga2
samba-winbind-3.6.5-2.2.mga2
nss_wins-3.6.5-2.2.mga2
libsmbclient0-3.6.5-2.2.mga2
libsmbclient0-devel-3.6.5-2.2.mga2
libsmbclient0-static-devel-3.6.5-2.2.mga2
libnetapi0-3.6.5-2.2.mga2
libnetapi-devel-3.6.5-2.2.mga2
libsmbsharemodes0-3.6.5-2.2.mga2
libsmbsharemodes-devel-3.6.5-2.2.mga2
libwbclient0-3.6.5-2.2.mga2
libwbclient-devel-3.6.5-2.2.mga2
samba-virusfilter-clamav-3.6.5-2.2.mga2
samba-virusfilter-fsecure-3.6.5-2.2.mga2
samba-virusfilter-sophos-3.6.5-2.2.mga2
samba-domainjoin-gui-3.6.5-2.2.mga2

from samba-3.6.5-2.2.mga2.src.rpm

Updating the severity and references.

Advisory:
========================

Updated samba packages fix security vulnerability:

The SMB2 implementation in Samba 3.6.x before 3.6.6 does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter (CVE-2013-0454).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
https://www.samba.org/samba/security/CVE-2013-0454
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.5-2.2.mga2
samba-client-3.6.5-2.2.mga2
samba-common-3.6.5-2.2.mga2
samba-doc-3.6.5-2.2.mga2
samba-swat-3.6.5-2.2.mga2
samba-winbind-3.6.5-2.2.mga2
nss_wins-3.6.5-2.2.mga2
libsmbclient0-3.6.5-2.2.mga2
libsmbclient0-devel-3.6.5-2.2.mga2
libsmbclient0-static-devel-3.6.5-2.2.mga2
libnetapi0-3.6.5-2.2.mga2
libnetapi-devel-3.6.5-2.2.mga2
libsmbsharemodes0-3.6.5-2.2.mga2
libsmbsharemodes-devel-3.6.5-2.2.mga2
libwbclient0-3.6.5-2.2.mga2
libwbclient-devel-3.6.5-2.2.mga2
samba-virusfilter-clamav-3.6.5-2.2.mga2
samba-virusfilter-fsecure-3.6.5-2.2.mga2
samba-virusfilter-sophos-3.6.5-2.2.mga2
samba-domainjoin-gui-3.6.5-2.2.mga2

from samba-3.6.5-2.2.mga2.src.rpm

Severity: normal => major
No public PoCs.

Procedure: https://bugs.mageia.org/show_bug.cgi?id=8907#c2
Whiteboard: (none) => has_procedure
Testing i586 to x86_64 and x86_64 to i586.

Still problems with MCC diskdrake. One way it finds a server and shares, the other way it doesn't, only itself.

Manually mounting with

    mount -t cifs //host/share /mnt/point -o password=<pass>,username=<user>

works fine though.

samba-swat accessible on both at http://localhost:901 after changing disable to no in /etc/xinetd.d/swat and restarting xinetd service.

Validating.

Advisory & srpm in comment 1.

Could sysadmin please push from core/updates_testing to core/updates?

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0114
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED