You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa samba

Sigurnosni nedostatak programskog paketa samba

==========================================================================
Ubuntu Security Notice USN-4510-1
September 17, 2020

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Samba would allow unintended access to files over the network.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

This update fixes the issue by changing the “server schannel” setting to
default to “yes”, instead of “auto”, which will force a secure netlogon
channel. This may result in compatibility issues with older devices. A
future update may allow a finer-grained control over this setting.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.19

Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.30

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4510-1
CVE-2020-1472

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.19
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.30

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl9jUZwACgkQZWnYVadE
vpOwZhAAmAFbDX95p1i1IBYOVTechrw0tqjkk8L/rBm65vm8TA0rYJYJUPtNJTsw
/Nrz+UPJCXvFSF8qVfeq8w7SwmmGnGkDA2iN632UoRmlvWQp5yGDEM2/UBtBajGk
/Hl4OVZUzqWFgGpjXcbasMdNh6v+p3MWm1z/G5Yuf71a5hYtXeKW4QW8mGXR9wzW
91yJAzKsJQcSw1W2mAldNxq+Rql+LtJ48waDi6R9STXoxV+YVFYHxByQQT8NWlfW
GuiN9AemI66npD3gl7/DucRTQncEnXT1e/bnAJej6DOmum6mA8Mq9q0e9zQFEYqv
Pb4GKQOzX4C20V6kYkNokDLfo7lBcKD1f/lWTB55t6qLQ86kwOfrYkPAYgUDjJSK
rOp/ydSdxCwypeS+eMzaifOb2WedqlxBG3SAsAEfGQE4Le/EjH2ge7I8nriMWu9P
0cKEWj4ZDRQ5U8GV9OLmgvZ6f17XXzU27JDIgl86veljmWc2u2tFyuIZN/wEcI73
eknHFij82J2pxV7j+jGHwBVvh0xfdsguJ69o3Xhc5EaBrUO2AF9z8eTW3bCw0lCD
6RWvuNS7BwNCVsqkkJgwJ1op18wJ76PsmZ+Nf/U6lNc1HFYNbL9NbiFvn/WuabQN
/veNsjAnLhJkVEnwp3HuqsTfevJf+3WKKx1QUDpEPiZ3P28sS58=
=Ml40
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4510-2
September 17, 2020

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Samba would allow unintended access to files over the network.

Software Description:
– samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-4510-1 fixed a vulnerability in Samba. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

This update fixes the issue by changing the “server schannel” setting to
default to “yes”, instead of “auto”, which will force a secure netlogon
channel. This may result in compatibility issues with older devices. A
future update may allow a finer-grained control over this setting.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4510-2
https://usn.ubuntu.com/4510-1
CVE-2020-1472
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl9jXKIACgkQRbznW4QL
H2ngpg//Q0WyVPuOWri3HwvXVrLCeVBrxCQrUmACdT5Sahf0K2Hrz9g5r1yUt3FH
CgtHVk03bMxMRTwdno3kxargyMU0qtXubqJ+8jQtNQgUGNHo6Ihm2PO95MVynzrS
JG/ZQIrP5P6jo5MNEK6VIWhqUhVDh64oq4PF/unsx8eOP36E29oVq2oGoWh2PgIK
sjCtMbhN2yJ1UtlLZ6cyq0agjswvrMHYm6WDBAztJmPlD2tpF3wVGWPk19PSIV4L
svyM4khYsahouIHa+Mgr8YsJsOLam3xu9KurcN9t87T1AUVda5kKwlJ7n1yTZbPf
abwLSoXcw8usMxKcroqGRjPfaawVIYw6fvPef/4XX8bJmmK8nc0zxNcYHwC1z3hU
y35WO8052TUc7OHApn7W84ZLx9b0iAJl3soc56PDKNPA+YbLtrPpu/5/sE5r1VaC
OKJePSOR4eLN0AU8Vr5XWuUfdcJHknlopgInYzkU2pnw3crg40wlhoJ8yhRlBqXh
FFOJxbtOHjrrGvdU+xsiOGaBzhsvKQMSsxrnPPh0dZpMWNckuTk/4MiAKhACtBZR
bXSJ7jCKzWiOKP+LD3Tgt5c2WWv/eh1lgdht2PJ0v3LcranHBGTPiYSFQF7Qi0CJ
l769tL37n29wLyolGW4iN1oZHiseBgozHNI6EtKLo2voPZsqGbU=
=+wii
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa qemu

Otkriven je sigurnosni nedostatak u programskom paketu qemu za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja...

Close