USN-1434-1: Samba vulnerability

1 May 2012

samba vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS

Summary

Samba could allow a user to gain administrative privileges to the Samba server.

Software Description

  • samba - SMB/CIFS file, print, and login server for Unix

Details

Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS
samba - 2:3.6.3-2ubuntu2.1
Ubuntu 11.10
samba - 2:3.5.11~dfsg-1ubuntu2.3
Ubuntu 11.04
samba - 2:3.5.8~dfsg-1ubuntu2.5
Ubuntu 10.04 LTS
samba - 2:3.4.7~dfsg-1ubuntu3.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you may need to review the privileges of Samba user accounts.

References