Bugzilla – Bug 849224
VUL-0: CVE-2013-4496: samba: Password lockout not enforced for SAMR password changes
Last modified: 2016-04-20 10:11:29 UTC
is public
http://www.samba.org/samba/history/samba-4.1.6.html
CVE-2013-4496: Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interfaces, allowing password guessing attacks.
*** Bug 866844 has been marked as a duplicate of this bug. ***
This is an autogenerated message for OBS integration: This bug (849224) was mentioned in
https://build.opensuse.org/request/show/225655 13.1 / samba
https://build.opensuse.org/request/show/225656 12.3 / samba
This is an autogenerated message for OBS integration: This bug (849224) was mentioned in
https://build.opensuse.org/request/show/225704 12.3 / samba
https://build.opensuse.org/request/show/225706 13.1 / samba
This is an autogenerated message for OBS integration: This bug (849224) was mentioned in
https://build.opensuse.org/request/show/225717 Factory / samba
openSUSE-SU-2014:0404-1: An update that solves two vulnerabilities and has 21 fixes is now available.
Category: security (moderate)
Bug References: 437293,726937,786677,844307,846586,849224,855866,856759,857454,860648,860809,860832,861135,862370,862558,863079,863748,865095,865397,865561,865641,865771,867665
CVE References: CVE-2013-4496,CVE-2013-6442
Sources used:
openSUSE 13.1 (src): samba-4.1.6-3.18.1
openSUSE-SU-2014:0405-1: An update that solves three vulnerabilities and has 9 fixes is now available.
Category: security (moderate)
Bug References: 437293,741623,755663,786677,844307,844720,849224,853021,853347,854520,863748,865561
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496
Sources used:
openSUSE 12.3 (src): samba-3.6.12-59.19.1, samba-doc-3.6.12-59.19.1
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtdb-devel, libtdb1, libwbclient-devel, libwbclient0, samba, samba-client, samba-debuginfo, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-64bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-64bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-64bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-64bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-64bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-64bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-64bit, libwbclient0-x86, samba, samba-32bit, samba-64bit, samba-client, samba-client-32bit, samba-client-64bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-64bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-64bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0497-1: An update that solves one vulnerability and has 6 fixes is now available.
Category: security (important)
Bug References: 726937,786677,844307,847009,849224,863748,865561
CVE References: CVE-2013-4496
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): samba-3.6.3-0.50.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): samba-3.6.3-0.50.1, samba-doc-3.6.3-0.50.1
SUSE Linux Enterprise Server 11 SP3 (src): samba-3.6.3-0.50.1, samba-doc-3.6.3-0.50.1
SUSE Linux Enterprise Desktop 11 SP3 (src): samba-3.6.3-0.50.1, samba-doc-3.6.3-0.50.1
Fixed and released. Closing bug.
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0723-1: An update that solves 6 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 783384,799641,800982,829969,844720,849224,853021,853347
CVE References: CVE-2012-6150,CVE-2013-0213,CVE-2013-0214,CVE-2013-4124,CVE-2013-4408,CVE-2013-4496
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): samba-3.4.3-1.52.3, samba-doc-3.4.3-1.52.3
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64) SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0901-1: An update that solves four vulnerabilities and has 7 fixes is now available.
Category: security (moderate)
Bug References: 437293,726937,786677,844307,849224,863748,865561,872396,879390,880962,883758
CVE References: CVE-2013-4496,CVE-2014-0178,CVE-2014-0244,CVE-2014-3493
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): samba-3.4.3-1.54.4, samba-3.6.3-0.33.41.2, samba-doc-3.6.3-0.33.41.2
openSUSE-SU-2016:1106-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.1 (src): samba-4.2.4-3.54.2
openSUSE-SU-2016:1107-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE Evergreen 11.4 (src): samba-3.6.3-141.1, samba-doc-3.6.3-141.1