Changeset 735
- Timestamp:
- Nov 12, 2012, 5:25:07 PM (13 years ago)
- Location:
- branches/samba-3.5.x
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.5.x/WHATSNEW.txt
r734 r735 1 1 ============================== 2 Release Notes for Samba 3.5.1 43 April 10, 20122 Release Notes for Samba 3.5.15 3 April 30, 2012 4 4 ============================== 5 5 6 6 7 7 This is a security release in order to address 8 CVE-2012-1182 ("root" credential remote code execution). 9 10 o CVE-2012-1182: 11 Samba 3.0.x to 3.6.3 are affected by a 12 vulnerability that allows remote code 13 execution as the "root" user. 14 15 16 Changes since 3.5.13: 8 CVE-2012-2111 (Incorrect permission checks when granting/removing 9 privileges can compromise file server security). 10 11 o CVE-2012-2111: 12 Samba 3.4.x to 3.6.4 are affected by a 13 vulnerability that allows arbitrary users 14 to modify privileges on a file server. 15 16 17 Changes since 3.5.14: 17 18 --------------------- 18 19 19 20 20 o Stefan Metzmacher <metze@samba.org>21 * BUG 8815: PIDL based autogenerated code allows overwriting beyond of22 allocated array (CVE-2012-1182).21 o Jeremy Allison <jra@samba.org> 22 * Fix incorrect permission checks when granting/removing 23 privileges (CVE-2012-2111). 23 24 24 25 … … 45 46 Release notes for older releases follow: 46 47 ---------------------------------------- 48 49 ============================== 50 Release Notes for Samba 3.5.14 51 April 10, 2012 52 ============================== 53 54 55 This is a security release in order to address 56 CVE-2012-1182 ("root" credential remote code execution). 57 58 o CVE-2012-1182: 59 Samba 3.0.x to 3.6.3 are affected by a 60 vulnerability that allows remote code 61 execution as the "root" user. 62 63 64 Changes since 3.5.13: 65 --------------------- 66 67 68 o Stefan Metzmacher <metze@samba.org> 69 *BUG 8815: PIDL based autogenerated code allows overwriting beyond of 70 allocated array (CVE-2012-1182). 71 72 73 ###################################################################### 74 Reporting bugs & Development Discussion 75 ####################################### 76 77 Please discuss this release on the samba-technical mailing list or by 78 joining the #samba-technical IRC channel on irc.freenode.net. 79 80 If you do report problems then please try to send high quality 81 feedback. If you don't provide vital information to help us track down 82 the problem then you will probably be ignored. All bug reports should 83 be filed under the Samba 3.5 product in the project's Bugzilla 84 database (https://bugzilla.samba.org/). 85 86 87 ====================================================================== 88 == Our Code, Our Bugs, Our Responsibility. 89 == The Samba Team 90 ====================================================================== 91 92 93 ---------------------------------------------------------------------- 94 47 95 48 96 ============================== -
branches/samba-3.5.x/packaging/RHEL-CTDB/samba.spec
r734 r735 6 6 Packager: Samba Team <samba@samba.org> 7 7 Name: samba 8 Version: 3.5.1 48 Version: 3.5.15 9 9 Release: 1GITHASH 10 10 Epoch: 0 -
branches/samba-3.5.x/packaging/RHEL/makerpms.sh
r734 r735 21 21 USERID=`id -u` 22 22 GRPID=`id -g` 23 VERSION='3.5.1 4'23 VERSION='3.5.15' 24 24 REVISION='' 25 25 SPECFILE="samba.spec" -
branches/samba-3.5.x/packaging/RHEL/samba.spec
r734 r735 12 12 Packager: Samba Team <samba@samba.org> 13 13 Name: samba 14 Version: 3.5.1 414 Version: 3.5.15 15 15 Release: 1 16 16 Epoch: 0 -
branches/samba-3.5.x/source3/VERSION
r734 r735 26 26 SAMBA_VERSION_MAJOR=3 27 27 SAMBA_VERSION_MINOR=5 28 SAMBA_VERSION_RELEASE=1 428 SAMBA_VERSION_RELEASE=15 29 29 30 30 ######################################################## -
branches/samba-3.5.x/source3/rpc_server/srv_lsa_nt.c
r414 r735 1692 1692 struct lsa_info *info; 1693 1693 uint32_t acc_granted; 1694 uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS & 1695 ~(LSA_ACCOUNT_ADJUST_PRIVILEGES| 1696 LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| 1697 STD_RIGHT_DELETE_ACCESS)); 1694 1698 struct security_descriptor *psd; 1695 1699 size_t sd_size; … … 1719 1723 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, 1720 1724 &lsa_account_mapping, 1721 r->in.sid, LSA_POLICY_ALL_ACCESS);1725 r->in.sid, owner_access); 1722 1726 if (!NT_STATUS_IS_OK(status)) { 1723 1727 return status; … … 1765 1769 uint32_t des_access = r->in.access_mask; 1766 1770 uint32_t acc_granted; 1771 uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS & 1772 ~(LSA_ACCOUNT_ADJUST_PRIVILEGES| 1773 LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS| 1774 STD_RIGHT_DELETE_ACCESS)); 1767 1775 NTSTATUS status; 1768 1776 … … 1789 1797 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, 1790 1798 &lsa_account_mapping, 1791 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);1799 r->in.sid, owner_access); 1792 1800 if (!NT_STATUS_IS_OK(status)) { 1793 1801 return status; … … 2175 2183 } 2176 2184 2177 /* get the generic lsa account SD for this SIDuntil we store it */2185 /* get the generic lsa account SD until we store it */ 2178 2186 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, 2179 2187 &lsa_account_mapping, 2180 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);2188 NULL, 0); 2181 2189 if (!NT_STATUS_IS_OK(status)) { 2182 2190 return status; … … 2246 2254 } 2247 2255 2248 /* get the generic lsa account SD for this SIDuntil we store it */2256 /* get the generic lsa account SD until we store it */ 2249 2257 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, 2250 2258 &lsa_account_mapping, 2251 r->in.sid, LSA_ACCOUNT_ALL_ACCESS);2259 NULL, 0); 2252 2260 if (!NT_STATUS_IS_OK(status)) { 2253 2261 return status;
Note:
See TracChangeset
for help on using the changeset viewer.