Mandriva Linux Security Advisory 2015-083 - Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation. An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). The updated packages provides a solution for these security issues.
b6781691dfb29aa5e6e3e339abaa996f02a7b1e269ae9c8c690e09e7e8f9ed2aSlackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix a security issue.
d460223d2ac3abb4361c3dadd8f8874b93c80a63a253ec7b5b6916c7c34bd4e6Ubuntu Security Notice 2481-1 - Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further.
026bae5f16a8316f55f7d8076927a930f035e43ceda09a24057037a4b553ae5c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed