4.262. samba

4.262.1. RHSA-2011:1221 — Moderate: samba and cifs-utils security and bug fix update

Updated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.

Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS (Common Internet File System) shares.

Security Fixes

CVE-2011-2694: A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session.
CVE-2011-2522: It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.
CVE-2011-2724: It was found that the fix for CVE-2010-0547, provided in the cifs-utils package included in the GA release of Red Hat Enterprise Linux 6, was incomplete. The mount.cifs tool did not properly handle share or directory names containing a newline character, allowing a local attacker to corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS share mount request, if mount.cifs had the setuid bit set.
CVE-2011-1678: It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs.

Note: mount.cifs from the cifs-utils package distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694 and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter of CVE-2011-2522.

Bug Fix

BZ#728517: If plain text passwords were used ("encrypt passwords = no" in "/etc/samba/smb.conf"), Samba clients running the Windows XP or Windows Server 2003 operating system may not have been able to access Samba shares after installing the Microsoft Security Bulletin MS11-043. This update corrects this issue, allowing such clients to use plain text passwords to access Samba shares.

Users of samba and cifs-utils are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.

4.262.2. RHBA-2011:1519 — samba bug fix update

Updated samba packages that fix multiple bugs are now available for Red Hat Enterprise Linux 6.

Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers).

BZ#713570: Previously, Samba did not correctly create user principal names for trusted domain users. As a result, joining Samba to a Windows domain using an account from a trusted domain did not work. With this update, composing the user principal name for Kerberos authentication has been fixed so that the bug no longer occurs.
BZ#709617: Previously, printers controlled by the Common Unix Printing System (CUPS) and shared by a Samba server did not display the information on "location", which was controlled by the CUPS server, on Windows clients. With this update, the bug has been fixed so that the information on "location" is now correctly displayed on Windows clients.
BZ#719355: Previously, Samba did not correctly support clients with plain text passwords. As a result, Windows clients were unable to connect to Samba with plain text passwords. With this update, Samba support for plain text passwords has been fixed.
BZ#703393: Previously, when a paper format on a Samba shared printer was selected from a Windows client, this selection was not saved properly on the Samba server. As a result, changing printer properties had no effect. With this update, the bug has been fixed so that the printer properties are now saved, as expected.
BZ#725281: Previously, in certain environments with many users, the pam_winbind module stopped operating. As a result, there were failures encountered if users attempted to log in. With this update, the bug has been fixed so that pam_winbind now works, as expected.
BZ#741934: Previously, Winbind did not recover from network connection failures after an unsuccessful user authentication. As a result, Winbind had to be restarted for users to be able to retry the authentication process. With this update, the bug has been fixed so that users are now able to retry the authentication process without restarting Winbind.
BZ#709070: Previously, there were performance problems with print servers that served a large number of printers. As a result, clients had to wait a long time to be able to use printers shared on a Samba server. With this update, the performance problems with print servers have been fixed.
BZ#740832: If Linux clients used the Common Internet File System (CIFS) client in the kernel to mount a Samba share, the force create mode parameter was not honored properly. As a result, files created on a mounted Samba share did not properly follow the umask parameter, and files with undesired permissions were created. With this update, the bug has been fixed and no longer occurs.
BZ#743892: Previously, Windows Internet Explorer 9 running on Microsoft Windows 7 was unable to download files onto a Samba share. With this update, the bug has been fixed and no longer occurs
BZ#709641: Previously, Winbind was not able to correctly retrieve user and group information from a Windows server. As a result, Winbind was unable to expose users and groups on the local system. This bug has been fixed in this update.
BZ#705123: Previously, if Winbind was used to provide MS-CHAPv2 authentication for FreeRadius, an invalid session key was used. As a result, users with MS-CHAPv2 authentication were unable to authenticate. With this update, this bug has been fixed so that MS-CHAPv2 authentication for FreeRadius now works as expected.
BZ#739186: Previously, certain Samba components logged a large number of unimportant internal messages to the system log. This bug has been fixed in this update by increasing the log level for the log messages.
BZ#737810: Previously, the net(8) man page did not document Kerberos authentication. This bug has been fixed by adding the missing documentation to the man page.
BZ#693136: If a printer driver was installed on a Samba server, there was a failure encountered on the Windows client. As a result, driver settings were not properly initialized and the printer did not work properly. With this update, the bug has been fixed so that the printer driver installation now works as expected.
BZ#737808: Previously, the net utility used for joining the Windows domains did not use the existing Kerberos credential cache. As a result, users were unable to reuse their existing tickets to join the Windows domains with Kerberos. With this update, the net utility has been fixed so that it now uses existing tickets from the default credential cache.
BZ#691423: When registering the Domain Name System (DNS) names, certain Samba utilities aborted the DNS registration if Samba tried to contact a disconnected DNS name server. With this update, Samba has been fixed so that it skips those DNS name servers that are not available on the network.
BZ#652609: Previously, the man pages for certain Samba components did not document that if the Windows Services for UNIX (SFU) are enabled, or if the standard RFC 2307 LDAP attributes in the Active Directory (AD) are used, primary group membership is not calculated based on the gidNumber LDAP attribute. Instead, Winbind uses the primaryGroupID LDAP attribute. As a result, setting the gidNumber attribute in AD has no effect for accounts if Winbind is used. With this update, the man pages have been updated accordingly to reflect the aforementioned limitation.
BZ#748325: Previously, extracting files from a ZIP archive failed on the Distributed File System (DFS) shares if the follow symlinks = yes parameter was not set. This bug has been fixed in this update so that extracting files from the ZIP archive now works as expected.

All users of samba should upgrade to these updated packages, which fix these bugs.