USN-4510-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4510-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4510-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4510-1
Related
Published
2020-09-17T11:03:22.597546Z
Modified
2020-09-17T11:03:22.597546Z
Summary
samba vulnerability
Details

Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin.

This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting.

References

Affected packages

Ubuntu:18.04:LTS / samba

Package

Name
samba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.7.6+dfsg~ubuntu-0ubuntu2.19

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libwbclient-dev": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "python-samba": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-dsdb-modules": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-common-bin": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "registry-tools": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-libs": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "ctdb": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "winbind": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-vfs-modules": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libnss-winbind": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-common": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libpam-winbind": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "smbclient": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-testsuite": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba-dev": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libparse-pidl-perl": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libsmbclient": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "samba": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libwbclient0": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19",
            "libsmbclient-dev": "2:4.7.6+dfsg~ubuntu-0ubuntu2.19"
        }
    ]
}

Ubuntu:16.04:LTS / samba

Package

Name
samba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.3.11+dfsg-0ubuntu0.16.04.30

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libwbclient-dev": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "python-samba": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-dsdb-modules": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-common-bin": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "registry-tools": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-libs": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "ctdb": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "winbind": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-vfs-modules": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libnss-winbind": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-common": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libpam-winbind": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "smbclient": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-testsuite": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba-dev": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libparse-pidl-perl": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libsmbclient": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "samba": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libwbclient0": "2:4.3.11+dfsg-0ubuntu0.16.04.30",
            "libsmbclient-dev": "2:4.3.11+dfsg-0ubuntu0.16.04.30"
        }
    ]
}