The branch, master has been updated
       via  358e1a3 NEWS[4.6.1]: Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download
      from  68ec05c update archives site

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 358e1a36512d38b5acc4fb4dbc390a621d3f6b83 Author: Karolin Seeger <ksee...@samba.org> Date: Thu Mar 23 09:20:22 2017 +0100 NEWS[4.6.1]: Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download Signed-off-by: Karolin Seeger <ksee...@samba.org> ----------------------------------------------------------------------- Summary of changes: history/header_history.html | 3 + history/samba-4.4.12.html | 70 +++++++++++++++++++ history/samba-4.5.7.html | 70 +++++++++++++++++++ history/samba-4.6.1.html | 70 +++++++++++++++++++ history/security.html | 17 +++++ posted_news/20170323-082106.4.6.1.body.html | 22 ++++++ posted_news/20170323-082106.4.6.1.headline.html | 4 ++ security/CVE-2017-2619.html | 93 +++++++++++++++++++++++++ 8 files changed, 349 insertions(+) create mode 100644 history/samba-4.4.12.html create mode 100644 history/samba-4.5.7.html create mode 100644 history/samba-4.6.1.html create mode 100644 posted_news/20170323-082106.4.6.1.body.html create mode 100644 posted_news/20170323-082106.4.6.1.headline.html create mode 100644 security/CVE-2017-2619.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 46b504a..ffb1956 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,7 +9,9 @@ <li><a href="/samba/history/">Release Notes</a> <li class="navSub"> <ul> + <li><a href="samba-4.6.1.html">samba-4.6.1</a></li> <li><a href="samba-4.6.0.html">samba-4.6.0</a></li> + <li><a href="samba-4.5.7.html">samba-4.5.7</a></li> <li><a href="samba-4.5.6.html">samba-4.5.6</a></li> <li><a href="samba-4.5.5.html">samba-4.5.5</a></li> <li><a href="samba-4.5.4.html">samba-4.5.4</a></li> 
@@ -17,6 +19,7 @@ <li><a href="samba-4.5.2.html">samba-4.5.2</a></li> <li><a href="samba-4.5.1.html">samba-4.5.1</a></li> <li><a href="samba-4.5.0.html">samba-4.5.0</a></li> + <li><a href="samba-4.4.12.html">samba-4.4.12</a></li> <li><a href="samba-4.4.11.html">samba-4.4.11</a></li> <li><a href="samba-4.4.10.html">samba-4.4.10</a></li> <li><a href="samba-4.4.9.html">samba-4.4.9</a></li> diff --git a/history/samba-4.4.12.html b/history/samba-4.4.12.html new file mode 100644 index 0000000..935090e --- /dev/null +++ b/history/samba-4.4.12.html 
@@ -0,0 +1,70 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.4.12 - Release Notes</title> +</head> +<body> +<H2>Samba 4.4.12 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.gz">Samba 4.4.12 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.4.11-4.4.12.diffs.gz">Patch (gzipped) against Samba 4.4.11</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.4.11-4.4.12.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================== + Release Notes for Samba 4.4.12 + March 23, 2017 + ============================== + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +======= +Details +======= + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. 
Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. + + +Changes since 4.4.11: +--------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + +o Ralph Boehme <s...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.5.7.html b/history/samba-4.5.7.html new file mode 100644 index 0000000..48a72d3 --- /dev/null +++ b/history/samba-4.5.7.html 
@@ -0,0 +1,70 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.5.7 - Release Notes</title> +</head> +<body> +<H2>Samba 4.5.7 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.gz">Samba 4.5.7 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.gz">Patch (gzipped) against Samba 4.5.6</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================= + Release Notes for Samba 4.5.7 + March 23, 2017 + ============================= + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +======= +Details +======= + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. 
Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. + + +Changes since 4.5.6: +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + +o Ralph Boehme <s...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + + +</pre> +</p> +</body> +</html> diff --git a/history/samba-4.6.1.html b/history/samba-4.6.1.html new file mode 100644 index 0000000..82f903d --- /dev/null +++ b/history/samba-4.6.1.html 
@@ -0,0 +1,70 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<title>Samba 4.6.1 - Release Notes</title> +</head> +<body> +<H2>Samba 4.6.1 Available for Download</H2> +<p> +<a href="https://download.samba.org/pub/samba/stable/samba-4.6.1.tar.gz">Samba 4.6.1 (gzipped)</a><br> +<a href="https://download.samba.org/pub/samba/stable/samba-4.6.1.tar.asc">Signature</a> +</p> +<p> +<a href="https://download.samba.org/pub/samba/patches/samba-4.6.0-4.6.1.diffs.gz">Patch (gzipped) against Samba 4.6.0</a><br> +<a href="https://download.samba.org/pub/samba/patches/samba-4.6.0-4.6.1.diffs.asc">Signature</a> +</p> +<p> +<pre> + ============================= + Release Notes for Samba 4.6.1 + March 23, 2017 + ============================= + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +======= +Details +======= + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. 
Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. + + +Changes since 4.6.0: +-------------------- + +o Jeremy Allison <j...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + +o Ralph Boehme <s...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + + +</pre> +</p> +</body> +</html> diff --git a/history/security.html b/history/security.html index c484c78..13e743d 100755 --- a/history/security.html +++ b/history/security.html @@ -22,6 +22,23 @@ link to full release notes for each release.</p> </tr> <tr> + <td>23 Mar 2017</td> + <td><a href="/samba/ftp/patches/security/samba-4.6.0-CVE-2017-2619.patch"> + patch for Samba 4.6.0</a><br /> + <a href="/samba/ftp/patches/security/samba-4.5.6-CVE-2017-2619.patch"> + patch for Samba 4.5.6</a><br /> + <a href="/samba/ftp/patches/security/samba-4.4.11-CVE-2017-2619.patch"> + patch for Samba 4.4.11</a><br /> + <td>Symlink race allows access outside share definition. + </td> + <td>All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12</td> + <td><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2619">CVE-2017-2619</a> + </td> + <td><a href="/samba/security/CVE-2017-2619.html">Announcement</a> + </td> + </tr> + + <tr> <td>19 Dec 2016</td> <td><a href="/samba/ftp/patches/security/samba-4.5.2-security-20016-12-19.patch"> patch for Samba 4.5.2</a><br /> diff --git a/posted_news/20170323-082106.4.6.1.body.html b/posted_news/20170323-082106.4.6.1.body.html new file mode 100644 index 0000000..dec66e5 --- /dev/null +++ b/posted_news/20170323-082106.4.6.1.body.html 
@@ -0,0 +1,22 @@ +<!-- BEGIN: posted_news/20170323-082106.4.6.1.body.html --> +<h5><a name="4.6.1">23 March 2017</a></h5> +<p class=headline>Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download</p> +<p> +These are Security Releases in order to address +<a href="/samba/security/CVE-2017-2619.html">CVE-2017-2619</a> (Symlink race allows access outside share definition). +</p> +<p> +The uncompressed Samba tarballs have been signed using GnuPG (ID 6568B7EA).<br> +The 4.6.1 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.1.tar.gz">downloaded now</a>. +A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.0-4.6.1.diffs.gz">patch against Samba 4.6.0</a> is also available. +See <a href="https://www.samba.org/samba/history/samba-4.6.1.html">the 4.6.1 release notes for more info</a>. +<br> +The 4.5.7 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.gz">downloaded now</a>. +A <a href="https://download.samba.org/pub/samba/patches/patch-4.5.6-4.5.7.diffs.gz">patch against Samba 4.5.6</a> is also available. +See <a href="https://www.samba.org/samba/history/samba-4.5.7.html">the 4.5.7 release notes for more info</a>. +<br> +The 4.4.12 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.gz">downloaded now</a>. +A <a href="https://download.samba.org/pub/samba/patches/patch-4.4.11-4.4.12.diffs.gz">patch against Samba 4.4.11</a> is also available. +See <a href="https://www.samba.org/samba/history/samba-4.4.11.html">the 4.4.11 release notes for more info</a>. +</p> +<!-- END: posted_news/20170323-082106.4.6.1.body.html --> diff --git a/posted_news/20170323-082106.4.6.1.headline.html b/posted_news/20170323-082106.4.6.1.headline.html new file mode 100644 index 0000000..203e774 --- /dev/null +++ b/posted_news/20170323-082106.4.6.1.headline.html 
@@ -0,0 +1,4 @@ +<!-- BEGIN: posted_news/20170323-082106.4.6.1.headline.html --> +<li> 23 March 2017 <a href="#4.6.1">Samba 4.6.1, 4.5.7 and 4.4.12 Security + Releases Available for Download</a></li> +<!-- END: posted_news/20170323-082106.4.6.1.headline.html --> diff --git a/security/CVE-2017-2619.html b/security/CVE-2017-2619.html new file mode 100644 index 0000000..db8fc8f --- /dev/null +++ b/security/CVE-2017-2619.html 
@@ -0,0 +1,93 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2017-2619.html:</H2> + +<p> +<pre> +==================================================================== +== Subject: Symlink race allows access outside share definition. +== +== CVE ID#: CVE-2017-2619 +== +== Versions: All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 +== +== Summary: A time-of-check, time-of-use race condition +== can allow clients to access non-exported parts +== of the file system via symlinks. +== +==================================================================== + +=========== +Description +=========== + +All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to +a malicious client using a symlink race to allow access to areas of +the server file system not exported under the share definition. + +Samba uses the realpath() system call to ensure when a client requests +access to a pathname that it is under the exported share path on the +server file system. + +Clients that have write access to the exported part of the file system +via SMB1 unix extensions or NFS to create symlinks can race the server +by renaming a realpath() checked path and then creating a symlink. If +the client wins the race it can cause the server to access the new +symlink target after the exported share path check has been done. This +new symlink target can point to anywhere on the server file system. + +This is a difficult race to win, but theoretically possible. Note that +the proof of concept code supplied wins the race reliably only when +the server is slowed down using the strace utility running on the +server. Exploitation of this bug has not been seen in the wild. 
+ +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 4.6.1, 4.5.7 and 4.4.12 have been issued as +security releases to correct the defect. Patches against older Samba +versions are available at http://samba.org/samba/patches/. Samba +vendors and administrators running affected versions are advised to +upgrade or apply the patch as soon as possible. + +========== +Workaround +========== + +Add the parameter: + +unix extensions = no + +to the [global] section of your smb.conf and restart smbd. This +prevents SMB1 clients from creating symlinks on the exported file +system using SMB1. + +However, if the same region of the file system is also exported using +NFS, NFS clients can create symlinks that potentially can also hit the +race condition. For non-patched versions of Samba we recommend only +exporting areas of the file system by either SMB or NFS, not both. + +======= +Credits +======= + +This problem was found by Jann Horn of Google. Jeremy Allison, of +Google and the Samba Team, and Ralph Boehme of SerNet and the Samba +Team provided the fix. Code review was performed by Uri Simchoni of +CTERA Networks and the Samba Team. +</pre> +</body> +</html> -- Samba Website Repository
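
Review bot: In history/samba-4.4.12.html the Details paragraph reads "All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable", which gives 4.4.11 as the fixed version on a page that announces 4.4.12 and whose changelog is headed "Changes since 4.4.11". The advisory in security/CVE-2017-2619.html and the new row in history/security.html both say 4.4.12. Change 4.4.11 to 4.4.12 in that sentence, and in the identical sentence in history/samba-4.5.7.html and history/samba-4.6.1.html, so an administrator on 4.4.11 does not read the release notes as saying they are already patched.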
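
Review bot: In the new 23 Mar 2017 row of history/security.html the cell holding the three patch links is never closed: after "patch for Samba 4.4.11</a><br />" the next line opens "<td>Symlink race allows access outside share definition." directly. Add a closing </td> before that line so the description, affected-versions, CVE and announcement cells are not nested inside the patch-links cell.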
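
Review bot: In posted_news/20170323-082106.4.6.1.body.html the last paragraph, about 4.4.12, links to history/samba-4.4.11.html with the text "the 4.4.11 release notes for more info"; it should point to samba-4.4.12.html, the page this commit adds. The patch links for 4.5.7 and 4.4.12 also use patches/patch-4.5.6-4.5.7.diffs.gz and patches/patch-4.4.11-4.4.12.diffs.gz, while the release-note pages in this same commit link patches/samba-4.5.6-4.5.7.diffs.gz and patches/samba-4.4.11-4.4.12.diffs.gz, and the 4.6.1 link here uses the samba- prefix. Confirm which file names exist on download.samba.org and make the three links consistent.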
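
Review bot: In security/CVE-2017-2619.html the <p> opened just before <pre> is never closed; the file ends "</pre> </body> </html>", whereas the three history pages in this commit end "</pre> </p> </body>". Add the missing </p> after </pre> so the page matches the declared XHTML doctype. The Patch Availability section also gives http://www.samba.org/samba/security/ and http://samba.org/samba/patches/ while every other link added in this commit uses https; use https here too, since these are the URLs readers follow to fetch the security patch.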