openSUSE Security Update : samba (openSUSE-SU-2014:1040-1)

high Nessus Plugin ID 77296

Synopsis

The remote openSUSE host is missing a security update.

Description

This samba update fixes the following security and non security issues :

- Fix winbind service parameter usage; (bnc#890005).

- lib/param: change the default for 'winbind expand groups' to '0'; (bnc#890008).

- Update to 4.1.11.

+ A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).

- Fix 'net time' segfault; (bso#10728); (bnc#889539).

- Update to 4.1.10.

+ net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).

+ dbcheck: Add check and test for various invalid userParameters values; (bso#8077).

+ s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077).

+ Simple use case results in 'no talloc stackframe around, leaking memory' error; (bso#8449).

+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).

+ dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130).

+ s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294).

+ ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469).

+ dbchecker: Verify and fix broken dn values; (bso#10536).

+ dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).

+ s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587).

+ Fix 'PANIC: assert failed at ../source3/smbd/open.c(1582): ret'; (bso#10593).

+ rid_array used before status checked - segmentation fault due to NULL pointer dereference; (bso#10627).

+ Samba won't start on a machine configured with only IPv4; (bso#10653).

+ msg_channel: Fix a 100% CPU loop; (bso#10663).

+ s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056).

+ s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).

+ samba-tool: Add --site parameter to provision command;
(bso#10674).

+ smbstatus: Fix an uninitialized variable; (bso#10680).

+ SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684).

+ s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685).

+ 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the invalid status check in the second client;
(bso#10687).

+ wbcCredentialCache fails if challenge_blob is not first;
(bso#10692).

+ Backport ldb-1.1.17 + changes from master; (bso#10693).

+ Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).

+ ldb: Add a env variable to disable RTLD_DEEPBIND;
(bso#10693).

+ ldb: Do not build libldb-cmdline when using system ldb;
(bso#10693).

+ ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910);
(bso#10693).

+ ldb: make the successful ldb_transaction_start() message clearer; (bso#10693).

+ ldb:pyldb: Add some more helper functions for LdbDn;
(bso#10693).

+ ldb: Use of NULL pointer bugfix; (bso#10693).

+ lib/ldb: Fix compiler warnings; (bso#10693).

+ pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693).

+ s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693).

+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).

+ s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).

+ Backport autobuild/selftest fixes from master;
(bso#10696).

+ Backport drs-crackname fixes from master; (bso#10698).

+ smbd: Avoid double-free in get_print_db_byname;
(bso#10699).

+ Backport access check related fixes from master;
(bso#10700).

+ Backport provision fixes from master; (bso#10703).

+ s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706).

+ s3: Fix missing braces in nfs4_acls.c.

- Add missing newline to debug message in daemon_ready();
(bnc#865627).

- BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).

- Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056).

Dependend libraries were version updated :

libtdb was updated to version 1.3.0. (lots of bugfixes, some new functionality) libtevent was updated to 0.9.21. (lots of bugfixes, some new functionality) libldb was updated to to 1.1.17 (lots of bugfixes, some new functionality) libtalloc was updated to 2.1.1.
(lots of bugfixes, some new functionality)

Solution

Update the affected samba packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=865627

https://bugzilla.novell.com/show_bug.cgi?id=884056

https://bugzilla.novell.com/show_bug.cgi?id=889429

https://bugzilla.novell.com/show_bug.cgi?id=889539

https://bugzilla.novell.com/show_bug.cgi?id=890005

https://bugzilla.novell.com/show_bug.cgi?id=890008

https://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html

Plugin Details

Severity: High

ID: 77296

File Name: openSUSE-2014-507.nasl

Version: 1.9

Type: local

Agent: unix

Published: 8/21/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tdb-debugsource, p-cpe:/a:novell:opensuse:libsamba-policy-devel, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:libregistry0, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-util-devel, p-cpe:/a:novell:opensuse:samba-libs, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-pidl, p-cpe:/a:novell:opensuse:libndr-nbt0-32bit, p-cpe:/a:novell:opensuse:libndr-nbt0, p-cpe:/a:novell:opensuse:libsmbldap-devel, p-cpe:/a:novell:opensuse:samba-test-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit, p-cpe:/a:novell:opensuse:libsamdb0, p-cpe:/a:novell:opensuse:libtevent-util-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:ldb-debugsource, p-cpe:/a:novell:opensuse:libndr-standard0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo, p-cpe:/a:novell:opensuse:libpdb-devel, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0, p-cpe:/a:novell:opensuse:libndr-krb5pac0, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libpdb0-32bit, p-cpe:/a:novell:opensuse:samba-python, p-cpe:/a:novell:opensuse:libsmbsharemodes-devel, p-cpe:/a:novell:opensuse:libnetapi0-32bit, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo, p-cpe:/a:novell:opensuse:python-tdb-debuginfo, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-libs-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit, p-cpe:/a:novell:opensuse:pytalloc, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:pyldb-32bit, p-cpe:/a:novell:opensuse:python-tevent-32bit, p-cpe:/a:novell:opensuse:pytalloc-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:ldb-tools, p-cpe:/a:novell:opensuse:samba-python-debuginfo, p-cpe:/a:novell:opensuse:libpdb0, p-cpe:/a:novell:opensuse:libsamba-util0-32bit, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libgensec0-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:ldb-tools-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit, p-cpe:/a:novell:opensuse:libsamdb0-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libndr-standard0, p-cpe:/a:novell:opensuse:libpdb0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-samr0, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libsmbldap0-32bit, p-cpe:/a:novell:opensuse:python-tdb-32bit, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit, p-cpe:/a:novell:opensuse:pytalloc-debuginfo-32bit, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig0, p-cpe:/a:novell:opensuse:libndr0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc0, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:libgensec-devel, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo, p-cpe:/a:novell:opensuse:pyldb, p-cpe:/a:novell:opensuse:tevent-debugsource, p-cpe:/a:novell:opensuse:libsmbsharemodes0, p-cpe:/a:novell:opensuse:libsamdb-devel, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:libsamba-credentials-devel, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libregistry0-32bit, p-cpe:/a:novell:opensuse:libldb-devel-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials0, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libndr-standard-devel, p-cpe:/a:novell:opensuse:python-tdb, p-cpe:/a:novell:opensuse:pyldb-devel, p-cpe:/a:novell:opensuse:libsmbconf0, p-cpe:/a:novell:opensuse:pytalloc-devel, p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libregistry-devel, p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit, p-cpe:/a:novell:opensuse:libsamba-policy0, p-cpe:/a:novell:opensuse:samba-test, p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-samr-devel, p-cpe:/a:novell:opensuse:libsmbconf0-32bit, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0, p-cpe:/a:novell:opensuse:python-tevent, p-cpe:/a:novell:opensuse:python-tevent-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-raw0, p-cpe:/a:novell:opensuse:libsmbconf-devel, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient-raw-devel, p-cpe:/a:novell:opensuse:samba-test-debuginfo, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo, p-cpe:/a:novell:opensuse:samba-core-devel, p-cpe:/a:novell:opensuse:libpdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-debuginfo, p-cpe:/a:novell:opensuse:pyldb-debuginfo-32bit, p-cpe:/a:novell:opensuse:tdb-tools-debuginfo, p-cpe:/a:novell:opensuse:libgensec0-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:opensuse:pytalloc-32bit, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:python-tevent-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt-devel, p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr0-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc0-32bit, p-cpe:/a:novell:opensuse:python-tdb-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:libtevent-util0, p-cpe:/a:novell:opensuse:libndr-devel, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:libsmbldap0, p-cpe:/a:novell:opensuse:libdcerpc-devel, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:opensuse:talloc-debugsource, p-cpe:/a:novell:opensuse:libndr0, p-cpe:/a:novell:opensuse:libgensec0, p-cpe:/a:novell:opensuse:pyldb-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util0-32bit, p-cpe:/a:novell:opensuse:tdb-tools, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-policy0-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac-devel, p-cpe:/a:novell:opensuse:libregistry0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel, p-cpe:/a:novell:opensuse:libsamba-util0, p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 8/13/2014

Reference Information

CVE: CVE-2014-3560