USN-1434-1: Samba vulnerability
Ubuntu Security Notice USN-1434-1
1st May, 2012
samba vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary
Samba could allow a user to gain administrative privileges to the Samba server.
Software description
- samba - SMB/CIFS file, print, and login server for Unix
Details
Ivano Cristofolini discovered that Samba incorrectly handled some Local
Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated
attacker could exploit this to grant administrative privileges to arbitrary
users. The administrative privileges could be used to bypass permission checks
performed by the Samba server.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 12.04 LTS:
- samba 2:3.6.3-2ubuntu2.1
- Ubuntu 11.10:
- samba 2:3.5.11~dfsg-1ubuntu2.3
- Ubuntu 11.04:
- samba 2:3.5.8~dfsg-1ubuntu2.5
- Ubuntu 10.04 LTS:
- samba 2:3.4.7~dfsg-1ubuntu3.10
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you may need to review the privileges of Samba
user accounts.