| Summary: | samba 4.10.8 (including fix of CVE-2019-10197) | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Zombie Ryushu <zombie.ryushu> |
| Component: | Net (ssh, samba, ssl, NM...) | Assignee: | ROSA Linux Bugs <bugs> |
| Status: | VERIFIED FIXED | QA Contact: | ROSA Linux Bugs <bugs> |
| Severity: | normal | ||
| Priority: | Normal | CC: | alzim, andrey.bondrov, denis.silakov, m.novosyolov, mc2374, v.potapov |
| Version: | All | Flags: | v.potapov:
qa_verified+
andrey.bondrov: published+ |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.samba.org/samba/history/samba-4.10.7.html | ||
| Whiteboard: | |||
| Platform: | --- | ROSA Vulnerability identifier: | CVE-2019-10197 |
| RPM Package: | samba | ISO-related: | |
| Bad POT generating: | Upstream: | ||
|
Description
Zombie Ryushu
2019-08-22 17:56:49 MSK
Escalation. ======= Details ======= o CVE-2019-10197: Under certain parameter configurations, when an SMB client accesses a network share and the user does not have permission to access the share root directory, it is possible for the user to escape from the share to see the complete '/' filesystem. Unix permission checks in the kernel are still enforced. Changes since 4.10.7: --------------------- o Jeremy Allison <jra@samba.org> * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. o Stefan Metzmacher <metze@samba.org> * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape from the share. This update needs to be expedited. There is a database corruption issue. Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition (CVE-2019-10197). An authenticated user can crash the Samba AD DC's RPC server process via a NULL pointer dereference (CVE-2019-12435) An user with read access to the directory can cause a NULL pointer dereference using the paged search control (CVE-2019-12436). For other fixes in this update, see the referenced changelogs. ******* QA ADVISORY ******* samba 4.10.6 -> 4.10.8 + https://abf.io/build_lists/3098141 + https://abf.io/build_lists/3098140 P.S. Thanks for reporting. Please don't use '[UPDATE REQUEST]' in bugs for me — I've filtered such emails into a separate folder, because, when email subject starts with "[UPDATE REQUEST]", I don't see full subject in the list of emails in Thunderbird and can't understand what it is about. The update is sent to expanded testing **************************************** samba-4.10.8-1 https://abf.io/build_lists/3098141 https://abf.io/build_lists/3098140 ******************************** Advisory *************************** samba 4.10.6 -> 4.10.8 with fix CVE-2019-10197, CVE-2019-12435, CVE-2019-12436. ********************************************************************* QA Verified The update was successful, but I still have my database corruption issue.
Checking 313 objects
ERROR(<type 'exceptions.ValueError'>): uncaught exception - unable to parse dn string
File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 163, in run
controls=controls, attrs=attrs)
File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 257, in check_database
error_count += self.check_object(object.dn, attrs=attrs)
File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 2512, in check_object
expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" % (parent_dn))
Can you please report it (https://bugzilla.rosalinux.ru/show_bug.cgi?id=10068) to upstream at https://bugzilla.samba.org/ ? I currently don't have time to investigate this fully due to working with other packages and tasks. Add me to CC in bug in samba's bugzilla. |