author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-04-01 15:48:47 +0200 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-04-03 23:26:45 +0200 |
commit | 9aaa23ec8baa50b63d33466f3f353e43c473952a (patch) | |
tree | 4c25fb285469828b15d8f07a117ee5578da9a7e4 /package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch | |
parent | d6d3db05436952f68f47d35df58ad5050b1f2d66 (diff) | |
samba36: fix some security problems
This adds fixes for the following security problems, based on Debian's patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch')
-rw-r--r-- | package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch b/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch
new file mode 100644
index 0000000000..8e174f0e7b
--- /dev/null
+++ b/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch
@@ -0,0 +1,59 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Wed, 28 Dec 2016 19:21:49 +0100
+Subject: security-CVE-2016-2125: Don't pass GSS_C_DELEG_FLAG by default
+
+This is a backport of upstream commits
+
+ b1a056f77e793efc45df34ab7bf78fbec1bf8a59
+ b83897ae49fdee1fda73c10c7fe73362bfaba690 (code not used in wheezy)
+ 3106964a640ddf6a3c08c634ff586a814f94dff8 (code not used in wheezy)
+---
+ source3/librpc/crypto/gse.c | 1 -
+ source3/libsmb/clifsinfo.c | 2 +-
+ source4/auth/gensec/gensec_gssapi.c | 2 +-
+ source4/scripting/bin/nsupdate-gss | 2 +-
+ 4 files changed, 3 insertions(+), 4 deletions(-)
+
+--- a/source3/librpc/crypto/gse.c
++++ b/source3/librpc/crypto/gse.c
+@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_
+ memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
+
+ gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG |
+- GSS_C_DELEG_FLAG |
+ GSS_C_DELEG_POLICY_FLAG |
+ GSS_C_REPLAY_FLAG |
+ GSS_C_SEQUENCE_FLAG;
+--- a/source3/libsmb/clifsinfo.c
++++ b/source3/libsmb/clifsinfo.c
+@@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC
+ &es->s.gss_state->gss_ctx,
+ srv_name,
+ GSS_C_NO_OID, /* default OID. */
+- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG,
++ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG,
+ GSS_C_INDEFINITE, /* requested ticket lifetime. */
+ NULL, /* no channel bindings */
+ p_tok_in,
+--- a/source4/auth/gensec/gensec_gssapi.c
++++ b/source4/auth/gensec/gensec_gssapi.c
+@@ -172,7 +172,7 @@ static NTSTATUS gensec_gssapi_start(stru
+ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) {
+ gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG;
+ }
+- if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) {
++ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", false)) {
+ gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG;
+ }
+ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) {
+--- a/source4/scripting/bin/nsupdate-gss
++++ b/source4/scripting/bin/nsupdate-gss
+@@ -178,7 +178,7 @@ sub negotiate_tkey($$$$)
+ my $flags =
+ GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG |
+ GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
+- GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG;
++ GSS_C_INTEG_FLAG;
+
+
+ $status = GSSAPI::Cred::acquire_cred(undef, 120, undef, GSS_C_INITIATE, |
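Review bot: The four code paths in the embedded patch end up with three different delegation behaviours, and the patch header does not say this is intended. gse.c and clifsinfo.c still request `GSS_C_DELEG_POLICY_FLAG`, the gensec_gssapi.c hunk only flips the `delegation` default to `false` (no policy flag is visible there, though it may be set outside the hunk), and nsupdate-gss drops delegation outright. The `delegation` setting also remains an opt-in that restores the unconditional credential delegation CVE-2016-2125 describes, so I would add a comment above that `if`, for example `/* CVE-2016-2125: off by default; enabling this delegates the user's credentials to the target service */`. Separately, the clifsinfo.c line now uses `GSS_C_DELEG_POLICY_FLAG` with no guard visible in the hunk; if that file can be built against GSSAPI headers that lack the flag, it needs an `#ifdef GSS_C_DELEG_POLICY_FLAG` fallback, which is worth confirming against the toolchain's Kerberos headers. All four functions start and end outside their hunks.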