Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 702928 (CVE-2019-14861, CVE-2019-14870) - <net-fs/samba-4.9.17: multiple vulnerabilities (CVE-2019-{14861,14870})
Summary: <net-fs/samba-4.9.17: multiple vulnerabilities (CVE-2019-{14861,14870})
Status: IN_PROGRESS
Alias: CVE-2019-14861, CVE-2019-14870
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa? stable]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-14 21:32 UTC by GLSAMaker/CVETool Bot
Modified: 2019-12-17 13:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-14 21:32:45 UTC
CVE-2019-14861 (https://nvd.nist.gov/vuln/detail/CVE-2019-14861):
  All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x
  before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe
  provides administrative facilities to modify DNS records and zones. Samba,
  when acting as an AD DC, stores DNS records in LDAP. In AD, the default
  permissions on the DNS partition allow creation of new records by
  authenticated users. This is used for example to allow machines to
  self-register in DNS. If a DNS record was created that case-insensitively
  matched the name of the zone, the ldb_qsort() and dns_name_compare()
  routines could be confused into reading memory prior to the list of DNS
  entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and
  so following invalid memory as a pointer.

CVE-2019-14870 (https://nvd.nist.gov/vuln/detail/CVE-2019-14870):
  All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x
  before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation
  model includes a feature allowing for a subset of clients to be opted out of
  constrained delegation in any way, either S4U2Self or regular Kerberos
  authentication, by forcing all tickets for these clients to be
  non-forwardable. In AD this is implemented by a user attribute
  delegation_not_allowed (aka not-delegated), which translates to
  disallow-forwardable. However the Samba AD DC does not do that for S4U2Self
  and does set the forwardable flag even if the impersonated client has the
  not-delegated flag set.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-17 13:50:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e5574cfdbc454b77bf24f6a88914eb57ff03b78

commit 6e5574cfdbc454b77bf24f6a88914eb57ff03b78
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-12-17 13:47:36 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-12-17 13:50:01 +0000

    net-fs/samba: Security bump to versions 4.9.17, 4.10.11 and 4.11.4
    
    Bug: https://bugs.gentoo.org/702928
    Package-Manager: Portage-2.3.82, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-fs/samba/Manifest             |   3 +
 net-fs/samba/samba-4.10.11.ebuild | 315 ++++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.11.4.ebuild  | 311 +++++++++++++++++++++++++++++++++++++
 net-fs/samba/samba-4.9.17.ebuild  | 308 +++++++++++++++++++++++++++++++++++++
 4 files changed, 937 insertions(+)