Ubuntu
samba package

Samba [Bug 13272] [SECURITY] CVE-2018-1057

Bug #1755059 reported by Andrew Bartlett
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Fix Released
High
Andreas Hasenack
Trusty
Fix Released
High
Unassigned
Xenial
Fix Released
High
Unassigned
Artful
Fix Released
High
Unassigned
Bionic
Fix Released
High
Andreas Hasenack

Bug Description

Please ensure that Ubuntu includes the fixes for https://bugzilla.samba.org/show_bug.cgi?id=13272 urgently as soon as the embargo is lifted. This is a serious issue.

Ideally also ensure that for the 4.7 series in 18.04 that you pick up the new 4.7.6 tarball and so avoid shipping https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1755057 (rather than just applying the patch).

Thanks!

Related branches

~ahasenack/ubuntu/+source/samba:bionic-samba-4.7.6
Christian Ehrhardt  (community): Approve
Canonical Server: Pending requested
Diff: 4928 lines (+1780/-463)
157 files modified
VERSION (+1/-1)
WHATSNEW.txt (+165/-2)
buildtools/wafsamba/samba_autoconf.py (+3/-1)
ctdb/doc/ctdb-etcd.7 (+2/-2)
ctdb/doc/ctdb-statistics.7 (+2/-2)
ctdb/doc/ctdb-tunables.7 (+2/-2)
ctdb/doc/ctdb.1 (+2/-2)
ctdb/doc/ctdb.7 (+2/-2)
ctdb/doc/ctdb_diagnostics.1 (+2/-2)
ctdb/doc/ctdb_mutex_ceph_rados_helper.7 (+2/-2)
ctdb/doc/ctdbd.1 (+2/-2)
ctdb/doc/ctdbd.conf.5 (+2/-2)
ctdb/doc/ctdbd_wrapper.1 (+2/-2)
ctdb/doc/ltdbtool.1 (+2/-2)
ctdb/doc/onnode.1 (+2/-2)
ctdb/doc/ping_pong.1 (+2/-2)
ctdb/server/ctdb_recovery_helper.c (+12/-4)
ctdb/wscript (+1/-1)
debian/changelog (+35/-0)
docs/manpages/cifsdd.8 (+2/-2)
docs/manpages/dbwrap_tool.1 (+2/-2)
docs/manpages/eventlogadm.8 (+2/-2)
docs/manpages/findsmb.1 (+2/-2)
docs/manpages/idmap_ad.8 (+2/-2)
docs/manpages/idmap_autorid.8 (+2/-2)
docs/manpages/idmap_hash.8 (+2/-2)
docs/manpages/idmap_ldap.8 (+2/-2)
docs/manpages/idmap_nss.8 (+2/-2)
docs/manpages/idmap_rfc2307.8 (+2/-2)
docs/manpages/idmap_rid.8 (+2/-2)
docs/manpages/idmap_script.8 (+2/-2)
docs/manpages/idmap_tdb.8 (+2/-2)
docs/manpages/idmap_tdb2.8 (+2/-2)
docs/manpages/libsmbclient.7 (+2/-2)
docs/manpages/lmhosts.5 (+2/-2)
docs/manpages/log2pcap.1 (+2/-2)
docs/manpages/mvxattr.1 (+2/-2)
docs/manpages/net.8 (+2/-2)
docs/manpages/nmbd.8 (+2/-2)
docs/manpages/nmblookup.1 (+2/-2)
docs/manpages/ntlm_auth.1 (+2/-2)
docs/manpages/pam_winbind.8 (+2/-2)
docs/manpages/pam_winbind.conf.5 (+2/-2)
docs/manpages/pdbedit.8 (+2/-2)
docs/manpages/profiles.1 (+2/-2)
docs/manpages/rpcclient.1 (+2/-2)
docs/manpages/samba-regedit.8 (+2/-2)
docs/manpages/samba-tool.8 (+2/-2)
docs/manpages/samba.7 (+2/-2)
docs/manpages/samba.8 (+2/-2)
docs/manpages/sharesec.1 (+2/-2)
docs/manpages/smb.conf.5 (+2/-2)
docs/manpages/smbcacls.1 (+2/-2)
docs/manpages/smbclient.1 (+2/-2)
docs/manpages/smbcontrol.1 (+2/-2)
docs/manpages/smbcquotas.1 (+2/-2)
docs/manpages/smbd.8 (+2/-2)
docs/manpages/smbget.1 (+2/-2)
docs/manpages/smbgetrc.5 (+2/-2)
docs/manpages/smbpasswd.5 (+2/-2)
docs/manpages/smbpasswd.8 (+2/-2)
docs/manpages/smbspool.8 (+2/-2)
docs/manpages/smbspool_krb5_wrapper.8 (+2/-2)
docs/manpages/smbstatus.1 (+2/-2)
docs/manpages/smbtar.1 (+2/-2)
docs/manpages/smbtree.1 (+2/-2)
docs/manpages/testparm.1 (+2/-2)
docs/manpages/vfs_acl_tdb.8 (+2/-2)
docs/manpages/vfs_acl_xattr.8 (+2/-2)
docs/manpages/vfs_aio_fork.8 (+2/-2)
docs/manpages/vfs_aio_linux.8 (+2/-2)
docs/manpages/vfs_aio_pthread.8 (+2/-2)
docs/manpages/vfs_audit.8 (+2/-2)
docs/manpages/vfs_btrfs.8 (+2/-2)
docs/manpages/vfs_cacheprime.8 (+2/-2)
docs/manpages/vfs_cap.8 (+2/-2)
docs/manpages/vfs_catia.8 (+2/-2)
docs/manpages/vfs_ceph.8 (+2/-2)
docs/manpages/vfs_commit.8 (+2/-2)
docs/manpages/vfs_crossrename.8 (+2/-2)
docs/manpages/vfs_default_quota.8 (+2/-2)
docs/manpages/vfs_dirsort.8 (+2/-2)
docs/manpages/vfs_extd_audit.8 (+2/-2)
docs/manpages/vfs_fake_perms.8 (+2/-2)
docs/manpages/vfs_fileid.8 (+2/-2)
docs/manpages/vfs_fruit.8 (+2/-2)
docs/manpages/vfs_full_audit.8 (+2/-2)
docs/manpages/vfs_glusterfs.8 (+2/-2)
docs/manpages/vfs_gpfs.8 (+2/-2)
docs/manpages/vfs_linux_xfs_sgid.8 (+2/-2)
docs/manpages/vfs_media_harmony.8 (+2/-2)
docs/manpages/vfs_netatalk.8 (+2/-2)
docs/manpages/vfs_offline.8 (+2/-2)
docs/manpages/vfs_prealloc.8 (+2/-2)
docs/manpages/vfs_preopen.8 (+2/-2)
docs/manpages/vfs_readahead.8 (+2/-2)
docs/manpages/vfs_readonly.8 (+2/-2)
docs/manpages/vfs_recycle.8 (+2/-2)
docs/manpages/vfs_shadow_copy.8 (+2/-2)
docs/manpages/vfs_shadow_copy2.8 (+2/-2)
docs/manpages/vfs_shell_snap.8 (+2/-2)
docs/manpages/vfs_snapper.8 (+2/-2)
docs/manpages/vfs_streams_depot.8 (+2/-2)
docs/manpages/vfs_streams_xattr.8 (+2/-2)
docs/manpages/vfs_syncops.8 (+2/-2)
docs/manpages/vfs_time_audit.8 (+2/-2)
docs/manpages/vfs_tsmsm.8 (+2/-2)
docs/manpages/vfs_unityed_media.8 (+2/-2)
docs/manpages/vfs_worm.8 (+2/-2)
docs/manpages/vfs_xattr_tdb.8 (+2/-2)
docs/manpages/vfs_zfsacl.8 (+2/-2)
docs/manpages/vfstest.1 (+2/-2)
docs/manpages/wbinfo.1 (+2/-2)
docs/manpages/winbind_krb5_locator.7 (+2/-2)
docs/manpages/winbindd.8 (+2/-2)
lib/replace/system/nis.h (+83/-0)
lib/replace/wscript (+33/-5)
lib/util/access.c (+7/-3)
lib/util/wscript_build (+1/-1)
python/samba/common.py (+17/-0)
python/samba/dbchecker.py (+268/-52)
python/samba/tests/common.py (+29/-4)
selftest/selftest.pl (+3/-2)
selftest/target/Samba3.pm (+4/-0)
source3/auth/user_util.c (+13/-0)
source3/auth/wscript_build (+1/-1)
source3/include/includes.h (+0/-49)
source3/include/smb_acls.h (+8/-2)
source3/lib/sysquotas_nfs.c (+10/-1)
source3/lib/util.c (+11/-0)
source3/modules/vfs_ceph.c (+15/-0)
source3/modules/vfs_default.c (+7/-7)
source3/modules/vfs_error_inject.c (+100/-0)
source3/modules/vfs_fruit.c (+133/-40)
source3/modules/wscript_build (+7/-0)
source3/rpc_server/spoolss/srv_spoolss_nt.c (+13/-0)
source3/script/tests/test_smbd_error.sh (+56/-0)
source3/selftest/tests.py (+3/-0)
source3/smbd/oplock.c (+18/-7)
source3/smbd/pysmbd.c (+38/-5)
source3/smbd/server_exit.c (+0/-4)
source3/wscript (+21/-13)
source3/wscript_build (+1/-1)
source4/dsdb/samdb/ldb_modules/acl.c (+131/-15)
source4/dsdb/samdb/ldb_modules/password_hash.c (+37/-8)
source4/dsdb/samdb/ldb_modules/repl_meta_data.c (+15/-3)
source4/dsdb/samdb/samdb.h (+9/-0)
source4/dsdb/tests/python/passwords.py (+49/-0)
source4/heimdal/kdc/pkinit.c (+7/-4)
source4/heimdal/lib/asn1/rfc2459.asn1 (+1/-1)
source4/heimdal/lib/krb5/pkinit.c (+6/-1)
source4/libcli/ldap/ldap_controls.c (+1/-0)
source4/setup/schema_samba4.ldif (+1/-0)
source4/smbd/server.c (+1/-3)
source4/torture/vfs/fruit.c (+85/-4)
testprogs/blackbox/dbcheck-links.sh (+78/-0)
testprogs/blackbox/tombstones-expunge.sh (+24/-0)

CVE References

Revision history for this message
Andrew Bartlett (abartlet) wrote :

Additionally, it seems Ubuntu is shipping Samba 4.3, to which patches have not been provided (as they don't backport cleanly) in 14.04 and 16.04.

Are you planning to simply upgrade Samba, otherwise there isn't much time to attempt a backport!

This is a very serious issue (CVSS 8.2)

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

CVSS Base Score:
    8.8
Impact Subscore:
    5.9
Exploitability Subscore:
    2.8
CVSS Temporal Score:
    8.2
CVSS Environmental Score:
    NA
Modified Impact Subscore:
    NA
Overall CVSS Score:
    8.2

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Hello! Updates for 17.10, 16.04 LTS, and 14.04 LTS have already been prepared and will be published on the day that the embargo is lifted. Thanks for reaching out to us.

Tyler Hicks (tyhicks)
information type: Private Security → Public Security
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Updates were released for this issue:

  https://usn.ubuntu.com/3595-1/

Changed in samba (Ubuntu Trusty):
status: New → Fix Released
Changed in samba (Ubuntu Xenial):
status: New → Fix Released
Changed in samba (Ubuntu Artful):
status: New → Fix Released
Changed in samba (Ubuntu Trusty):
importance: Undecided → High
Changed in samba (Ubuntu Xenial):
importance: Undecided → High
Changed in samba (Ubuntu Artful):
importance: Undecided → High
Changed in samba (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
Tyler Hicks (tyhicks)
Changed in samba (Ubuntu Bionic):
assignee: nobody → Andreas Hasenack (ahasenack)
summary: - Samba [Bug 13272] [SECURITY][EMBARGOED] CVE-2018-1057
+ Samba [Bug 13272] [SECURITY] CVE-2018-1057
Andreas Hasenack (ahasenack)
Changed in samba (Ubuntu Bionic):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.7.6+dfsg~ubuntu-0ubuntu1

---------------
samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium

  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/source_samba.py.
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
        anonymously
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is https://launchpad.net/bugs/1274247

 -- Andreas Hasenack <email address hidden> Tue, 13 Mar 2018 16:58:49 -0300

Changed in samba (Ubuntu Bionic):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.