866225 – (CVE-2021-3670) <net-fs/samba-4.15.3: MaxQueryDuration not honoured in AD DC LDAP

Bug 866225 (CVE-2021-3670) - <net-fs/samba-4.15.3: MaxQueryDuration not honoured in AD DC LDAP

Summary: <net-fs/samba-4.15.3: MaxQueryDuration not honoured in AD DC LDAP

Status:	RESOLVED FIXED

Alias:	CVE-2021-3670

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://bugzilla.samba.org/show_bug.c...
Whiteboard:	B3 [glsa+]
Keywords:

Depends on:	832458
Blocks:
	Show dependency tree

Reported:	2022-08-23 20:11 UTC by John Helmert III
Modified:	2023-09-17 05:58 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-08-23 20:11:05 UTC

CVE-2021-3670:

MaxQueryDuration not honoured in Samba AD DC LDAP

This comes with a mess of patches, which all seem to be in 4.16.0:

https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f
https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81
https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803
https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049
https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002
https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b
https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393

RedHat's bug: https://bugzilla.redhat.com/show_bug.cgi?id=2077533

Comment 1 Larry the Git Cow gentoo-dev

2022-11-18 20:32:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=113dac10d0faa5b579d59cc8f9f17061b9208c6a

commit 113dac10d0faa5b579d59cc8f9f17061b9208c6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-18 20:24:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-18 20:24:18 +0000

    net-fs/samba: drop 4.14.13, 4.14.14
    
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-fs/samba/Manifest             |   2 -
 net-fs/samba/samba-4.14.13.ebuild | 342 --------------------------------------
 net-fs/samba/samba-4.14.14.ebuild | 333 -------------------------------------
 3 files changed, 677 deletions(-)

Comment 2 John Helmert III archtester

2023-01-06 17:55:05 UTC

Patches also made it into 4.15.3 according to: https://bugzilla.samba.org/show_bug.cgi?id=14694#c20

Comment 3 Larry the Git Cow gentoo-dev

2023-09-17 05:56:49 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=5bfe8198b2352fa0ac46dbc59d078650dc544a7e

commit 5bfe8198b2352fa0ac46dbc59d078650dc544a7e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:56:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:56:46 +0000

    [ GLSA 202309-06 ] Samba: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/820566
    Bug: https://bugs.gentoo.org/821688
    Bug: https://bugs.gentoo.org/830983
    Bug: https://bugs.gentoo.org/832433
    Bug: https://bugs.gentoo.org/861512
    Bug: https://bugs.gentoo.org/866225
    Bug: https://bugs.gentoo.org/869122
    Bug: https://bugs.gentoo.org/878273
    Bug: https://bugs.gentoo.org/880437
    Bug: https://bugs.gentoo.org/886153
    Bug: https://bugs.gentoo.org/903621
    Bug: https://bugs.gentoo.org/905320
    Bug: https://bugs.gentoo.org/910334
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-06.xml | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)