[3.4] samba: security issues (CVE-2015-7560, CVE-2016-0771)
CVE-2015-7560 Incorrect ACL get/set allowed on symlink path
All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the ownership of ACLs using symlinks.
An authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory linked to.
Update to 4.1.23 or 4.2.9
References:
https://www.samba.org/samba/security/CVE-2015-7560.html
CVE-2016-0771: Out-of-bounds read in internal DNS server
All versions of Samba from 4.0.0 to 4.4.0rc2 inclusive, when deployed as an AD DC and configured to run the internal DNS server, are vulnerable to an out-of-bounds read issue during DNS TXT record handling, which can be triggered by users with permission to modify DNS records.
A malicious client can upload a specially constructed DNS TXT record, resulting in a remote denial-of-service attack. As long as the affected TXT record remains undisturbed in the Samba database, a targeted DNS query may continue to trigger this exploit.
While unlikely, the out-of-bounds read may bypass safety checks and allow leakage of memory from the server in the form of a DNS TXT reply.
Update to 4.1.23 or 4.2.9
References:
https://www.samba.org/samba/security/CVE-2016-0771.html
(from redmine: issue id 5272, created on 2016-03-14, closed on 2016-06-15)
- Relations:
  - parent #5271 (closed)
- Changesets:
  - Revision e44afa81 on 2016-03-15T11:43:54Z:
    main/samba: security upgrade to 4.2.9 (CVE-2015-7560, CVE-2016-0771). Fixes #5272