Fixes:
CVE-2016-2118 - A man in the middle can intercept any DCERPC traffic
between a client and a server in order toimpersonate the client and get
the same privileges as the authenticated user account.
CVE-2016-2115 - The protection of DCERPC communication over ncacn_np
(which is the default for most the file server related protocols) is
inherited from the underlying SMB connection. Samba doesn't enforce SMB
signing for this kind of SMB connections by default, which makes man in
the middle attacks possible.
CVE-2016-2114 - Due to a bug Samba doesn't enforce required smb signing,
even if explicitly configured.
CVE-2016-2113 - Man in the middle attacks are possible for client
triggered LDAP connections (with ldaps://) and ncacn_http connections
(with https://).
CVE-2016-2112 - A man in the middle is able to downgrade LDAP
connections to no integrity protection. It's possible to attack client
and server with this.
CVE-2016-2111 - When Samba is configured as Domain Controller it allows
remote attackers to spoof the computer name of a secure channel's
endpoints, and obtain sensitive session information, by running a
crafted application and leveraging the ability to sniff network traffic.
CVE-2016-2110 - The feature negotiation of NTLMSSP is not downgrade
protected. A man in the middle is able to clear even required flags,
especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
CVE-2015-5370 - Errors in Samba DCE-RPC code can lead to denial of
service (crashes and high cpu consumption) and man in the middle
attacks.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libaio support is now automatic so drop the enable/disable (it will fall
back to pthread aio if libaio is not present).
0002-build-improve-stack-protector-check.patch is upstream so remove it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
CVE-2015-7560 - Authenticated client could cause Samba to overwrite ACLs
with incorrect owner/group.
CVE-2016-0771 - Malicious request can cause the Samba internal DNS
server to crash or unintentionally return uninitialized memory.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2015-7540 - Remote DoS in Samba (AD) LDAP server
CVE-2015-3223 - Denial of service in Samba Active Directory server
CVE-2015-5252 - Insufficient symlink verification in smbd)
CVE-2015-5299 - Missing access control check in shadow copy code
CVE-2015-5296 - Samba client requesting encryption vulnerable to
downgrade attack
CVE-2015-8467 - Denial of service attack against Windows Active
Directory server
CVE-2015-5330 - Remote memory read in Samba LDAP server
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now with support for AD DC, ADS and clustering features.
All dropped patches are upstream.
[Thomas: move indentation fixes to a separate patch.]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-8143 - dsdb-samldb: Check for extended access rights
before we allow changes to userAccountControl.
Also rename patches to new naming convention.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
