The branch, master has been updated via a2265c7 Announce Samba 4.1.16 and 4.0.24. from cedbc64 Announce Samba 4.1.15.
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a2265c7b87efc1663c6e45aae86eeac3eccf49ea Author: Karolin Seeger <ksee...@samba.org> Date: Thu Jan 15 10:39:13 2015 +0100 Announce Samba 4.1.16 and 4.0.24. Signed-off-by: Karolin Seeger <ksee...@samba.org> ----------------------------------------------------------------------- Summary of changes: generated_news/latest_10_bodies.html | 37 ++++++------- generated_news/latest_10_headlines.html | 6 +-- generated_news/latest_2_bodies.html | 32 ++++++----- history/header_history.html | 2 + history/samba-4.0.24.html | 42 +++++++++++++++ history/samba-4.1.16.html | 42 +++++++++++++++ history/security.html | 15 ++++++ latest_stable_release.html | 6 +-- security/CVE-2014-8143.html | 94 +++++++++++++++++++++++++++++++++ 9 files changed, 239 insertions(+), 37 deletions(-) create mode 100755 history/samba-4.0.24.html create mode 100755 history/samba-4.1.16.html create mode 100644 security/CVE-2014-8143.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 41a028c..b5495a7 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html 
@@ -1,3 +1,22 @@ + <h5><a name="4.1.16">15 January 2015</a></h5> + <p class="headline">Samba 4.1.16 and 4.0.24 <b>Security + Releases</b> Available for Download</p> + <p>Theseiare security releases in order to address + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a> + (<b>Elevation of privilege to Active Directory Domain Controller</b>). + </p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA).</p> + <p> + The source code can be downloaded here: + <li><a href="http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz">download + Samba 4.1.16</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz">download + Samba 4.0.24</a>.</li> + </p> + + <h5><a name="4.1.15">12 January 2015</a></h5> <p class="headline">Samba 4.1.15 Available for Download</p> <p>This is the latest stable release of the Samba 4.1 series.</p> @@ -110,21 +129,3 @@ now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.1.11-4.1.12.diffs patch against Samba 4.1.11</a> is also available. See <a href="http://samba.org/samba/history/samba-4.1.12.html"> the release notes for more info</a>.</p> - - <h5><a name="4.1.11">01 August 2014</a></h5> - <p class="headline">Samba 4.1.11 and 4.0.21 <b>Security - Releases</b> Available for Download</p> - <p>These are security releases in order to address - <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560">CVE-2014-3560</a> - (<b>Remote code execution in nmbd</b>). - </p> - - <p>The uncompressed tarballs and patch files have been signed - using GnuPG (ID 6568B7EA).</p> - <p> - The source code can be downloaded here: - <li><a href="http://samba.org/samba/ftp/stable/samba-4.1.11.tar.gz">download - Samba 4.1.11</a>,</li> - <li><a href="http://samba.org/samba/ftp/stable/samba-4.0.21.tar.gz">download - Samba 4.0.21</a>.</li> - </p> 
diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 58d8754..ba00525 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,7 @@ <ul> + <li> 15 January 2015 <a href="#4.1.16">Samba 4.1.16 and 4.0.24 Security + Releases Available for Download (CVE-2014-8143)</a></li> + <li> 12 January 2015 <a href="#4.1.15">Samba 4.1.15 Available for Download</a></li> <li> 20 December 2014 <a href="#4.2.0rc3">Samba 4.2.0rc3 Available for Download</a></li> @@ -16,7 +19,4 @@ <li> 15 September 2014 <a href="#4.0.22">Samba 4.0.22 Available for Download</a></li> <li> 08 September 2014 <a href="#4.1.12">Samba 4.1.12 Available for Download</a></li> - - <li> 01 August 2014 <a href="#4.1.11">Samba 4.1.11 and 4.0.21 Security - Releases Available for Download (CVE-2014-3560)</a></li> </ul> diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index c0bb851..03c66b3 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html 
@@ -1,3 +1,22 @@ + <h5><a name="4.1.16">15 January 2015</a></h5> + <p class="headline">Samba 4.1.16 and 4.0.24 <b>Security + Releases</b> Available for Download</p> + <p>Theseiare security releases in order to address + <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a> + (<b>Elevation of privilege to Active Directory Domain Controller</b>). + </p> + + <p>The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA).</p> + <p> + The source code can be downloaded here: + <li><a href="http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz">download + Samba 4.1.16</a>,</li> + <li><a href="http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz">download + Samba 4.0.24</a>.</li> + </p> + + <h5><a name="4.1.15">12 January 2015</a></h5> <p class="headline">Samba 4.1.15 Available for Download</p> <p>This is the latest stable release of the Samba 4.1 series.</p> @@ -9,16 +28,3 @@ now</a>. A <a href="http://samba.org/samba/ftp/patches/patch-4.1.14-4.1.15.diffs patch against Samba 4.1.14</a> is also available. See <a href="http://samba.org/samba/history/samba-4.1.15.html"> the release notes for more info</a>.</p> - - - <h5><a name="4.2.0rc3">20 December 2014</a></h5> - <p class="headline">Samba 4.2.0rc3 Available for Download</p> - <p>This is the third release candidate of the upcoming Samba 4.2 release - series.</p> - -<p>The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -<a href="https://download.samba.org/pub/samba/rc/samba-4.2.0rc3.tar.gz">downloaded -now</a>. See <a href="https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc3.txt"> -the release notes for more info</a>.</p> - diff --git a/history/header_history.html b/history/header_history.html index 73d8dfe..59c4ae5 100755 --- a/history/header_history.html +++ b/history/header_history.html 
@@ -10,6 +10,7 @@ <li class="navSub"> <ul> <li><a href="/samba/security/CVE-2013-0454.html">CVE-2013-0454</a></li> + <li><a href="samba-4.1.16.html">samba-4.1.16</a></li> <li><a href="samba-4.1.15.html">samba-4.1.15</a></li> <li><a href="samba-4.1.14.html">samba-4.1.14</a></li> <li><a href="samba-4.1.13.html">samba-4.1.13</a></li> @@ -26,6 +27,7 @@ <li><a href="samba-4.1.2.html">samba-4.1.2</a></li> <li><a href="samba-4.1.1.html">samba-4.1.1</a></li> <li><a href="samba-4.1.0.html">samba-4.1.0</a></li> + <li><a href="samba-4.0.24.html">samba-4.0.24</a></li> <li><a href="samba-4.0.23.html">samba-4.0.23</a></li> <li><a href="samba-4.0.22.html">samba-4.0.22</a></li> <li><a href="samba-4.0.21.html">samba-4.0.21</a></li> diff --git a/history/samba-4.0.24.html b/history/samba-4.0.24.html new file mode 100755 index 0000000..94802f1 --- /dev/null +++ b/history/samba-4.0.24.html 
@@ -0,0 +1,42 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.0.24 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 4.0.24 + January 15, 2015 + ============================== + + +This is a security release in order to address CVE-2014-8143 (Elevation +of privilege to Active Directory Domain Controller). + +o CVE-2014-8143: + Samba's AD DC allows the administrator to delegate + creation of user or computer accounts to specific users or groups. + + However, all released versions of Samba's AD DC did not implement the + additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the + userAccountControl attributes. + + +Changes since 4.0.23: +--------------------- + +o Andrew Bartlett <abart...@samba.org> + * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access + rights before we allow changes to userAccountControl. +</pre> + +</body> +</html> diff --git a/history/samba-4.1.16.html b/history/samba-4.1.16.html new file mode 100755 index 0000000..2be7eec --- /dev/null +++ b/history/samba-4.1.16.html 
@@ -0,0 +1,42 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Release Notes Archive</title> +</head> + +<body> + + <H2>Samba 4.1.16 Available for Download</H2> + +<p> +<pre> + ============================== + Release Notes for Samba 4.1.16 + January 15, 2015 + ============================== + + +This is a security release in order to address CVE-2014-8143 (Elevation +of privilege to Active Directory Domain Controller). + +o CVE-2014-8143: + Samba's AD DC allows the administrator to delegate + creation of user or computer accounts to specific users or groups. + + However, all released versions of Samba's AD DC did not implement the + additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the + userAccountControl attributes. + + +Changes since 4.1.15: +--------------------- + +o Andrew Bartlett <abart...@samba.org> + * BUG 10993: CVE-2014-8143: dsdb-samldb: Check for extended access + rights before we allow changes to userAccountControl. +</pre> + +</body> +</html> diff --git a/history/security.html b/history/security.html index f2a5405..41be446 100755 --- a/history/security.html +++ b/history/security.html 
@@ -22,6 +22,21 @@ link to full release notes for each release.</p> </tr> <tr> + <td>15 Jan 2015</td> + <td><a href="/samba/ftp/patches/security/samba-4.1.15-CVE-2014-8143.patch"> + patch for Samba 4.1.15</a><br /> + <a href="/samba/ftp/patches/security/samba-4.0.23-CVE-2014-8143.patch"> + patch for Samba 4.0.23</a><br /> + <td>Elevation of privilege to Active Directory Domain Controller. + </td> + <td>4.0.0 - 4.1.15</td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143">CVE-2014-8143</a> + </td> + <td><a href="/samba/security/CVE-2014-8143">Announcement</a> + </td> + </tr> + + <tr> <td>01 Aug 2014</td> <td><a href="/samba/ftp/patches/security/samba-4.1.10-CVE-2014-3560.patch"> patch for Samba 4.1.10</a><br /> diff --git a/latest_stable_release.html b/latest_stable_release.html index fd16d8b..6a22e45 100644 --- a/latest_stable_release.html +++ b/latest_stable_release.html @@ -1,7 +1,7 @@ <!-- BEGIN: latest_stable_release.html --> <p> - <a href="/samba/ftp/stable/samba-4.1.15.tar.gz">Samba 4.1.15 (gzipped)</a><br> - <a href="/samba/history/samba-4.1.15.html">Release Notes</a> · - <a href="/samba/ftp/stable/samba-4.1.15.tar.asc">Signature</a> + <a href="/samba/ftp/stable/samba-4.1.16.tar.gz">Samba 4.1.16 (gzipped)</a><br> + <a href="/samba/history/samba-4.1.16.html">Release Notes</a> · + <a href="/samba/ftp/stable/samba-4.1.16.tar.asc">Signature</a> </p> <!-- END: latest_stable_release.html --> diff --git a/security/CVE-2014-8143.html b/security/CVE-2014-8143.html new file mode 100644 index 0000000..fe1c908 --- /dev/null +++ b/security/CVE-2014-8143.html 
@@ -0,0 +1,94 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2014-8143.html:</H2> + +<p> +<pre> +</pre> +=========================================================== +== Subject: CVE-2014-8143: Elevation of privilege to Active Directory Domain Controller +== +== CVE ID#: CVE-2014-8143 +== +== Versions: All versions of Samba's Active Directory Domain Controller +== (including 4.0.0 and all pre-releases) +== +== Summary: In Samba's AD DC we neglected to ensure that +== attempted modifications of the userAccountControl attribute +== did not allow the UF_SERVER_TRUST_ACCOUNT bit to be set. +== +== This is applicable only if the attribute is otherwise permitted +== to be modified. +== +=========================================================== + +=========== +Description +=========== + +Samba's AD DC allows the administrator to delegate +creation of user or computer accounts to specific users or groups. + +However, all released versions of Samba's AD DC did not implement the +additional required check on the UF_SERVER_TRUST_ACCOUNT bit in the +userAccountControl attributes. + +As this was found during an internal audit of the Samba code there are +no currently known exploits for this problem (as of January 15th 2015). + +======= +Caveats +======= + +Most Samba deployments are not of the AD Domain Controller, but are of +the classic domain controller, the file server or print server. Only +the AD DC is affected by this issue. + +Additionally, most sites running the AD Domain Controller do not +configure delegation for the creation of user or computer accounts, +and so are not vulnerable to this issue, as no writes are permitted to +the userAccountControl attribute, no matter what the value. 
+ +================== +Patch Availability +================== + +Patches addressing all these issues have been posted to: + + http://www.samba.org/samba/security/ + +Samba versions 4.0.24, 4.1.16, and 4.2rc4 have been released to +address this issue. Patches for 3.x are not required, as these +do not contain the AD Domain Controller code. + +========== +Workaround +========== + +Do not delegate permission to create users or computers beyond the +default of Domain Administrators. + +======= +Credits +======= + +This problem was found by an internal audit of the Samba code by +Andrew Bartlett of Catalyst IT. Special thanks also go to Zentyal. + +Patches provided by Andrew Bartlett, Garming Sam of Catalyst IT and +the Samba team. + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</body> +</html> -- Samba Website Repository
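Review bot: In the generated_news/latest_10_bodies.html hunk the new 4.1.16/4.0.24 entry has a typo, `<p>Theseiare security releases in order to address`, which should read `These are`, and the second download link points at `samba-4.0.25.tar.gz` while the link text says `download Samba 4.0.24`; the tarball being announced is 4.0.24, so the href should be `http://samba.org/samba/ftp/stable/samba-4.0.24.tar.gz`. The `<li>` items sit directly inside a `<p>` with no `<ul>`, which is copied from the removed 4.1.11 block but is still invalid markup; wrapping them in a `<ul>` would fix it.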
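Review bot: The generated_news/latest_2_bodies.html hunk carries the same two defects as latest_10_bodies.html, the `Theseiare` typo and the 4.0.24 download link that resolves to `samba-4.0.25.tar.gz`; both generated files are built from the same source text, so correct the source so the two stay identical.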
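Review bot: In the new history/samba-4.0.24.html the `<p>` opened before `<pre>` is never closed, and under the declared XHTML 1.0 Transitional doctype a block-level `<pre>` is not permitted inside `<p>`; dropping the `<p>` line (or closing it before `<pre>`) keeps the page well-formed.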
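Review bot: history/samba-4.1.16.html has the same unclosed `<p>` wrapping a `<pre>` as samba-4.0.24.html; the two files are identical apart from the version strings, so apply the same fix to both.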
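Review bot: In the history/security.html hunk the patch-links cell is never closed: after `patch for Samba 4.0.23</a><br />` the next line is `<td>Elevation of privilege to Active Directory Domain Controller.` with no `</td>` in between, so add the closing tag. The announcement link is `<a href="/samba/security/CVE-2014-8143">` while the file added in this commit is `security/CVE-2014-8143.html`; unless the web server rewrites extensionless paths, the href should carry `.html`. The affected-versions cell says `4.0.0 - 4.1.15`, but the announcement in the same commit states that 4.2rc4 was released to address the issue, so the 4.2 release candidates are affected as well and could be listed here.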
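Review bot: In the new security/CVE-2014-8143.html the `<pre>` is opened and closed immediately (`<pre>` followed by `</pre>`) before any of the announcement text, so the banner lines, the `Description`, `Caveats`, `Patch Availability` and `Workaround` sections all render outside any preformatted block and their line breaks and `==` alignment will collapse in a browser; move `</pre>` to after the closing `== The Samba Team` banner, and close the `<p>` that precedes it. The heading `<H2>CVE-2014-8143.html:</H2>` exposes the filename with a trailing colon, whereas the sibling release-notes pages use a descriptive title; the subject line `CVE-2014-8143: Elevation of privilege to Active Directory Domain Controller` would serve better. Finally, `Patches addressing all these issues have been posted to:` refers to a single issue, so `this issue` reads more accurately.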