Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title samba4 security and bug fix update
Informations
Name RHSA-2013:1543 First vendor Publication 2013-11-21
Vendor RedHat Last vendor Modification 2013-11-21
Severity (Vendor) Moderate Revision 02

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba server.

This update fixes the following bugs:

* When Samba was installed in the build root directory, the RPM target might not have existed. Consequently, the find-debuginfo.sh script did not create symbolic links for the libwbclient.so.debug module associated with the target. With this update, the paths to the symbolic links are relative so that the symbolic links are now created correctly. (BZ#882338)

* Previously, the samba4 packages were missing a dependency for the libreplace.so module which could lead to installation failures. With this update, the missing dependency has been added to the dependency list of the samba4 packages and installation now proceeds as expected. (BZ#911264)

All samba4 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

911264 - libreplace.so => not found 984401 - CVE-2013-4124 samba: DoS via integer overflow when reading an EA list

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-1543.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19319
 
Oval ID: oval:org.mitre.oval:def:19319
Title: USN-1966-1 -- samba vulnerability
Description: Samba could be made to hang if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1966-1
CVE-2013-4124
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23548
 
Oval ID: oval:org.mitre.oval:def:23548
Title: RHSA-2014:0305: samba security update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2014:0305-00
CESA-2014:0305
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 13
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24306
 
Oval ID: oval:org.mitre.oval:def:24306
Title: ELSA-2014:0305: samba security update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014:0305-00
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 7
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25565
 
Oval ID: oval:org.mitre.oval:def:25565
Title: SUSE-SU-2013:1469-1 -- Security update for Samba
Description: The Samba server suite received a security update to fix a denial of service problem in integer wrap protection.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1469-1
CVE-2013-4124
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25668
 
Oval ID: oval:org.mitre.oval:def:25668
Title: RHSA-2013-1542: samba security, bug fix and enhancement update (Moderate)
Description: These updated samba packages include numerous bug fixes and one element.
Family: unix Class: patch
Reference(s): RHSA-2013:1542-02
CESA-2013:1542
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25773
 
Oval ID: oval:org.mitre.oval:def:25773
Title: SUSE-SU-2013:1468-1 -- Security update for Samba
Description: The Samba server suite received a security update to fix a denial of service problem in integer wrap protection. (CVE-2013-4124). Additionally, the following stability fixes are included in this update: * Fix libreplace license ambiguity. (bnc#765270) * Document idmap_ad rfc2307 attribute requirements. (bnc#820531) * The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20. (bnc#806501). Security Issue reference: * CVE-2013-4124 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1468-1
CVE-2013-4124
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26024
 
Oval ID: oval:org.mitre.oval:def:26024
Title: RHSA-2013:1543: samba4 security and bug fix update (Moderate)
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: patch
Reference(s): RHSA-2013:1543-02
CESA-2013:1543
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): samba4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26470
 
Oval ID: oval:org.mitre.oval:def:26470
Title: HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4124
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26482
 
Oval ID: oval:org.mitre.oval:def:26482
Title: HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4124
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26876
 
Oval ID: oval:org.mitre.oval:def:26876
Title: DEPRECATED: ELSA-2014-0305 -- samba security update (moderate)
Description: [3.0.33-3.40.el5] - Security Release, fixes CVE-2013-0213 and CVE-2013-4124 - resolves: #1073350
Family: unix Class: patch
Reference(s): ELSA-2014-0305
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 4
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27199
 
Oval ID: oval:org.mitre.oval:def:27199
Title: RHSA-2013:1310 -- samba3x security and bug fix update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim&#39;s password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2013:1310
CESA-2013:1310
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba3x
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27234
 
Oval ID: oval:org.mitre.oval:def:27234
Title: ELSA-2013-1542 -- samba security, bug fix, and enhancement update (moderate)
Description: [3.6.9-164] - resolves: #1008574 - Fix offline logon cache not updating for cross child domain group membership.
Family: unix Class: patch
Reference(s): ELSA-2013-1542
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27317
 
Oval ID: oval:org.mitre.oval:def:27317
Title: ELSA-2013-1543 -- samba4 security and bug fix update (moderate)
Description: [4.0.0-58.rc4] - Fix winbind lsat reconnection code, avoids ntlmv2-only session setup problems - resolves: #949993 [4.0.0-57.rc4] - resolves: #984809 - CVE-2013-4124: DoS via integer overflow when reading an EA list [4.0.0-56.rc4] - Fix libwbclient.so.0 symlink. - resolves: #882338 - Fix correct linking of libreplace with cmdline-credentials. - resolves: #911264
Family: unix Class: patch
Reference(s): ELSA-2013-1543
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 6
Product(s): samba4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27443
 
Oval ID: oval:org.mitre.oval:def:27443
Title: ELSA-2013-1310 -- samba3x security and bug fix update (moderate)
Description: [3.6.6-0.136] - resolves: #984807 - CVE-2013-4124: DoS via integer overflow when reading an EA list
Family: unix Class: patch
Reference(s): ELSA-2013-1310
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 5
Product(s): samba3x
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 168
Os 4
Os 2
Os 2
Os 1

ExploitDB Exploits

id Description
2013-08-22 Samba nttrans Reply - Integer Overflow Vulnerability

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-08-08 IAVM : 2013-B-0082 - Samba Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0039910

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0723-1.nasl - Type : ACT_GATHER_INFO
2015-02-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-15.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_samba_20140102.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9132.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-651.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-644.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140317_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_samba_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-09-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1966-1.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-130806.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-130807.nasl - Type : ACT_GATHER_INFO
2013-08-15 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14355.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e21c7c7a011611e39e833c970e169bc2.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2013-14312.nasl - Type : ACT_GATHER_INFO
2013-08-08 Name : The remote Samba server is affected by a denial of service vulnerability.
File : samba_4_0_8.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-218-03.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-207.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-11-13 13:27:19
  • Multiple Updates
2014-02-17 11:57:35
  • Multiple Updates
2013-11-21 09:18:20
  • First insertion