Bug 3583 - [UPDATE REQUEST] [UPSTREAM UPDATE] samba4
Status: RESOLVED FIXED
Product: Server Bugs
Classification: ROSA Server
Component: Main Packages
: unspecified
: All Linux
: Normal normal
: ---
Assigned To: Andrew Lukoshko
: ROSA Server Bugs
Reported: 2014-01-13 15:36 MSK by Andrew Lukoshko
Modified: 2014-01-16 06:12 MSK

vladimir.potapov: qa_verified+
vladimir.potapov: secteam_verified?


Description Andrew Lukoshko 2014-01-13 15:36:25 MSK
A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408)

http://rhn.redhat.com/errata/RHSA-2013-1805.html

https://abf.rosalinux.ru/build_lists/1513326
https://abf.rosalinux.ru/build_lists/1513327
Comment 1 Vladimir Potapov 2014-01-16 06:12:35 MSK
samba4-4.0.0-60.res6.rc4
**************************** RHEL Advisory *************************
A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408)
********************************************************************
QA Verified