Bugzilla – Bug 848101
VUL-0: CVE-2013-4475: samba: No access check verification on stream files.
Last modified: 2014-06-25 07:10:00 UTC
OBS submissions
openSUSE 13.1 https://build.opensuse.org/request/show/206497
openSUSE 12.3 https://build.opensuse.org/request/show/206498
openSUSE 12.2 https://build.opensuse.org/request/show/206499
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/206855 Factory / samba
openSUSE 13.1 https://build.opensuse.org/request/show/207064 This one supersedes 206497
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/207063 13.1 / samba
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/207722 Evergreen:11.2:Test / samba
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/207723 Maintenance /
openSUSE-SU-2013:1742-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 848101,848103,850656
CVE References: CVE-2013-4475,CVE-2013-4476
Sources used:
openSUSE 13.1 (src): samba-4.1.0-3.8.1
is public

https://www.samba.org/samba/security/CVE-2013-4475
https://bugzilla.samba.org/show_bug.cgi?id=10235

===========================================================
== Subject:     ACLs are not checked on opening an alternate
==              data stream on a file or directory.
==
== CVE ID#:     CVE-2013-4475
==
== Versions:    All versions of Samba later than 3.2.0
==
== Summary:     When opening an alternate data stream on a file
==              or directory, any Windows ACL present on that
==              underlying file or directory is not used to
==              control access to the alternate data stream.
==
===========================================================

===========
Description
===========

Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x,
3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying
file or directory ACL when opening an alternate data stream.

According to the SMB1 and SMB2+ protocols the ACL on an underlying
file or directory should control what access is allowed to
alternate data streams that are associated with the file or
directory.

By default no version of Samba supports alternate data streams on
files or directories. Samba can be configured to support alternate
data streams by loading either one of two virtual file system
modules (VFS) vfs_streams_depot or vfs_streams_xattr supplied with
Samba, so this bug only affects Samba servers configured this way.

To determine if your server is vulnerable, check for the strings
"streams_depot" or "streams_xattr" inside your smb.conf
configuration file.
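The advisory's last paragraph gives the exposure check: look for "streams_depot" or "streams_xattr" in smb.conf. The script below is an added example, not part of this bug report or of Samba, that does the check a little more carefully than a plain grep. It walks smb.conf section by section and reports only real "vfs objects" settings that load either module, skipping commented-out lines, and it names the section, because a module listed under [global] applies to every share. Assumptions: the file is scanned as written, so "include =" and "config file =" directives are not followed; for a layered configuration feed it the output of "testparm -s" (same format) instead. The sample smb.conf used in the test is constructed for illustration. A hit means the vulnerable code path is reachable on that server, not that the installed package is unpatched; the fix is in the updated samba packages listed in this bug.

```shell
#!/bin/sh
# Added example (not from bug 848101 or from Samba): report which smb.conf
# sections load the vfs_streams_depot / vfs_streams_xattr modules that make a
# server exposed to CVE-2013-4475. Unlike a plain grep it ignores comment
# lines and only looks at real "vfs objects" settings, and it names the
# section, because a module listed under [global] applies to every share.
#
# Assumption: the file is scanned as written. "include =" and "config file ="
# lines are NOT followed; for a layered config run "testparm -s" and scan its
# output instead (same format).

# find_streams_vfs FILE
#   prints "section:module" per hit; exit 0 if any hit (like grep), else 1
find_streams_vfs() {
    awk '
        # [section] header: remember the name for the lines that follow
        /^[ \t]*\[[^]]+][ \t]*$/ {
            s = $0
            sub(/^[ \t]*\[/, "", s)
            sub(/][ \t]*$/, "", s)
            section = s
            next
        }
        # comment lines start with # or ;
        /^[ \t]*[#;]/ { next }
        {
            # parameter name: text before "=", spaces stripped, lower-cased
            # (smb.conf parameter names are case- and whitespace-insensitive)
            key = $0
            sub(/=.*/, "", key)
            gsub(/[ \t]/, "", key)
            if (tolower(key) != "vfsobjects" && tolower(key) != "vfsobject")
                next
            # value: whitespace-separated module list after "="
            val = $0
            sub(/^[^=]*=/, "", val)
            n = split(val, mods)
            for (i = 1; i <= n; i++) {
                if (mods[i] == "streams_depot" || mods[i] == "streams_xattr") {
                    name = section
                    if (name == "") name = "global"
                    print name ":" mods[i]
                    hit = 1
                }
            }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Typical use on a server (effective config, includes resolved):
#   testparm -s 2>/dev/null > /tmp/effective-smb.conf
#   find_streams_vfs /tmp/effective-smb.conf && echo "streams VFS loaded: apply the samba update"

[ $# -eq 0 ] || find_streams_vfs "$1"
```

Run it as "sh check_streams.sh /etc/samba/smb.conf"; the exit status follows grep, so it drops straight into a fleet-wide inventory loop or a configuration-management check.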
openSUSE-SU-2013:1787-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 817880,838472,848101,849226
CVE References: CVE-2013-4475
Sources used:
openSUSE 12.3 (src): samba-3.6.12-59.13.1, samba-doc-3.6.12-59.13.1
openSUSE 12.2 (src): samba-3.6.7-48.28.1, samba-doc-3.6.7-48.28.1
openSUSE-SU-2013:1790-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 838472,848101,849226
CVE References: CVE-2013-4475
Sources used:
openSUSE 11.4 (src): samba-3.6.3-130.2, samba-doc-3.6.3-130.2
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/208984 Evergreen:11.2 / samba
The SWAMPID for this issue is 55373. This issue was rated as important. Please submit fixed packages until 2013-12-16. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
This is an autogenerated message for OBS integration: This bug (848101) was mentioned in https://build.opensuse.org/request/show/210422 13.1 / samba
openSUSE-SU-2013:1921-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 844720,848101,848103,853021,853347
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4475,CVE-2013-4476
Sources used:
openSUSE 13.1 (src): samba-4.1.3-3.12.1
done
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86
Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64), SLE-DESKTOP 11-SP2 (i386, x86_64), SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64), SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64), SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86
Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64), SLE-DESKTOP 11-SP3 (i386, x86_64), SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64), SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64), SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0024-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 817880,838472,844720,848101,849226,853021,853347,854520
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4475
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): samba-3.6.3-0.46.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (src): samba-3.6.3-0.33.39.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Server 11 SP3 (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Server 11 SP2 for VMware (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
SUSE Linux Enterprise Server 11 SP2 (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
SUSE Linux Enterprise Desktop 11 SP3 (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Desktop 11 SP2 (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
Update released for: ifolder3-enterprise, novell-afptcpd, novell-afptcpd-interfaces, novell-afptcpd-interfaces-32bit, novell-cifs, novell-cifs-interfaces, novell-cifs-interfaces-32bit, novell-iprint-iprntman, novell-migration-gui-base, novell-nrm, novell-oes-pure-ftpd, novell-oes-samba, novell-oes-samba-32bit, novell-oes-samba-cifs-mount, novell-oes-samba-client, novell-oes-samba-client-32bit, novell-oes-samba-krb-printing, novell-oes-samba-ldapsmb, novell-oes-samba-libldb1, novell-oes-samba-libnetapi0, novell-oes-samba-libsmbclient0, novell-oes-samba-libsmbclient0-32bit, novell-oes-samba-libsmbsharemodes0, novell-oes-samba-libtalloc1, novell-oes-samba-libtalloc1-32bit, novell-oes-samba-libtalloc2, novell-oes-samba-libtalloc2-32bit, novell-oes-samba-libtdb1, novell-oes-samba-libtdb1-32bit, novell-oes-samba-libtevent0, novell-oes-samba-libtevent0-32bit, novell-oes-samba-libwbclient0, novell-oes-samba-libwbclient0-32bit, novell-oes-samba-winbind, novell-oes-samba-winbind-32bit, novell-vigil-vlog, novell-xad-framework
Products: Open-Enterprise-Server 11-SP2 (x86_64)
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2014-06-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/57622
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtdb-devel, libtdb1, libwbclient-devel, libwbclient0, samba, samba-client, samba-debuginfo, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind
Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64), SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86
Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64), SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0839-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 848101
CVE References: CVE-2013-4475
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): samba-3.4.3-1.54.1, samba-doc-3.4.3-1.54.1