[USN-5174-2] Samba regression
marc.deslauriers at canonical.com
Mon Dec 13 20:29:32 UTC 2021
Ubuntu Security Notice USN-5174-2
December 13, 2021
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
USN-5174-1 introduced a regression in Samba.
- samba: SMB/CIFS file, print, and login server for Unix
USN-5174-1 fixed vulnerabilities in Samba. Some of the changes introduced a
regression in Kerberos authentication in certain environments.
Please see the following upstream bug for more information:
This update fixes the problem.
Original advisory details:
Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client
connections. A remote attacker could possibly use this issue to downgrade
connections to plaintext authentication. (CVE-2016-2124)
Andrew Bartlett discovered that Samba incorrectly mapped domain users to
local users. An authenticated attacker could possibly use this issue to
become root on domain members. (CVE-2020-25717)
Andrew Bartlett discovered that Samba did not properly check sensitive
attributes. An authenticated attacker could possibly use this issue to
escalate privileges. (CVE-2020-25722)
Joseph Sutton discovered that Samba incorrectly handled certain TGS
requests. An authenticated attacker could possibly use this issue to cause
Samba to crash, resulting in a denial of service. (CVE-2021-3671)
The fix for CVE-2020-25717 results in possible behaviour changes that could
affect certain environments. Please see the upstream advisory for more
The problem can be corrected by updating your system to the following
Ubuntu 18.04 LTS:
In general, a standard system update will make all the necessary changes.