Arch Linux Security Advisory ASA-201911-6
========================================
Severity: Medium
Date    : 2019-11-03
CVE-ID  : CVE-2019-10218 CVE-2019-14833 CVE-2019-14847
Package : samba
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1057

Summary
======
The package samba before version 4.10.10-1 is vulnerable to multiple
issues including arbitrary filesystem access, insufficient validation
and denial of service.

Resolution
=========
Upgrade to 4.10.10-1.

# pacman -Syu "samba>=4.10.10-1"

The problems have been fixed upstream in version 4.10.10.

Workaround
=========
None.

Description
==========
- CVE-2019-10218 (arbitrary filesystem access)

An issue has been found in Samba before 4.10.10 where a malicious
server can craft a pathname containing separators and return this to
client code, causing the client to use this access local pathnames for
reading or writing instead of SMB network pathnames.

- CVE-2019-14833 (insufficient validation)

A security issue has been found in Samba before 4.10.10, where the
check password script does not receive the full password string when
the password contains multi-byte (non-ASCII) characters.
Since Samba Version 4.5.0 a Samba AD DC can use a custom command to
verify the password complexity. The command can be specified with the
"check password script" smb.conf parameter. This command is called when
Samba handles a user password change or a new user password is set. The
script receives the new cleartext password string in order to run
custom password complexity checks like dictionary checks to avoid weak
user passwords. If the check password script parameter is not
specified, Samba runs the internal password quality checks. The
internal check makes sure that a password contains characters from
three of five different characters categories.

- CVE-2019-14847 (denial of service)

A denial of service has been found in Samba before 4.10.10, where userswith the "get changes" extended access right can crash the AD DC LDAP
server by requesting an attribute using the range= syntax.
By default, the supported versions of Samba impacted by this issue run
using the "standard" process model, which is unaffected. This is
controlled by the -M or --model parameter to the samba binary.
Unsupported Samba versions before Samba 4.7 use a single process for
the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are
impacted if -M prefork or -M single is used. To mitigate this issue,
select -M standard (the default).

Impact
=====
An attacker is able to access and write on files via arbitrary paths or
crash the application.

References
=========
https://www.samba.org/samba/security/CVE-2019-10218.html
https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
https://www.samba.org/samba/security/CVE-2019-14833.html
https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch
https://www.samba.org/samba/security/CVE-2019-14847.html
https://security.archlinux.org/CVE-2019-10218
https://security.archlinux.org/CVE-2019-14833
https://security.archlinux.org/CVE-2019-14847

ArchLinux: 201911-6: samba: multiple issues

November 4, 2019

Summary

- CVE-2019-10218 (arbitrary filesystem access) An issue has been found in Samba before 4.10.10 where a malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames.
- CVE-2019-14833 (insufficient validation)
A security issue has been found in Samba before 4.10.10, where the check password script does not receive the full password string when the password contains multi-byte (non-ASCII) characters. Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The script receives the new cleartext password string in order to run custom password complexity checks like dictionary checks to avoid weak user passwords. If the check password script parameter is not specified, Samba runs the internal password quality checks. The internal check makes sure that a password contains characters from three of five different characters categories.
- CVE-2019-14847 (denial of service)
A denial of service has been found in Samba before 4.10.10, where userswith the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax. By default, the supported versions of Samba impacted by this issue run using the "standard" process model, which is unaffected. This is controlled by the -M or --model parameter to the samba binary. Unsupported Samba versions before Samba 4.7 use a single process for the LDAP server, and so are impacted. Samba 4.8, 4.9 and 4.10 are impacted if -M prefork or -M single is used. To mitigate this issue, select -M standard (the default).

Resolution

Upgrade to 4.10.10-1. # pacman -Syu "samba>=4.10.10-1"
The problems have been fixed upstream in version 4.10.10.

References

https://www.samba.org/samba/security/CVE-2019-10218.html https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch https://www.samba.org/samba/security/CVE-2019-14833.html https://download.samba.org/pub/samba/patches/security/samba-4.10.9-security-2019-10-29.patch https://www.samba.org/samba/security/CVE-2019-14847.html https://security.archlinux.org/CVE-2019-10218 https://security.archlinux.org/CVE-2019-14833 https://security.archlinux.org/CVE-2019-14847

Severity
Package : samba
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1057

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved