Amazon Linux 1 Security Advisory: ALAS-2023-1896
Advisory Release Date: 2023-11-29 23:18 Pacific
Advisory Updated Date: 2023-12-04 21:36 Pacific
When doing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable length. Winbind did not properly bounds-check the LAN Manager response length, which, despite the LAN Manager version no longer being used, is still part of the protocol.
If the system is running Samba's ntlm_auth as the authentication backend for services like Squid (or a very unusual configuration with FreeRADIUS), the vulnerability is remotely exploitable.
If not so configured, or to exploit this vulnerability locally, the user must have access to the privileged winbindd UNIX domain socket (a subdirectory named 'winbindd_privileged' under the "state directory", as set in smb.conf).
This access is normally only given to special system services like Squid or FreeRADIUS that use this feature. (CVE-2022-2127)
An SMB client can truncate files to 0 bytes by opening them with OVERWRITE disposition when the acl_xattr Samba VFS module is in use with the smb.conf setting "acl_xattr:ignore system acls = yes". (CVE-2023-4091)
Affected Packages:
samba
Issue Correction:
Run yum update samba to update your system.
i686:
samba-winbind-4.10.16-24.68.amzn1.i686
samba-python-test-4.10.16-24.68.amzn1.i686
samba-krb5-printing-4.10.16-24.68.amzn1.i686
samba-python-4.10.16-24.68.amzn1.i686
libsmbclient-4.10.16-24.68.amzn1.i686
samba-4.10.16-24.68.amzn1.i686
ctdb-tests-4.10.16-24.68.amzn1.i686
libwbclient-4.10.16-24.68.amzn1.i686
samba-winbind-modules-4.10.16-24.68.amzn1.i686
samba-client-4.10.16-24.68.amzn1.i686
samba-libs-4.10.16-24.68.amzn1.i686
samba-devel-4.10.16-24.68.amzn1.i686
samba-test-libs-4.10.16-24.68.amzn1.i686
samba-common-tools-4.10.16-24.68.amzn1.i686
samba-winbind-krb5-locator-4.10.16-24.68.amzn1.i686
ctdb-4.10.16-24.68.amzn1.i686
libsmbclient-devel-4.10.16-24.68.amzn1.i686
samba-common-libs-4.10.16-24.68.amzn1.i686
samba-debuginfo-4.10.16-24.68.amzn1.i686
samba-test-4.10.16-24.68.amzn1.i686
samba-client-libs-4.10.16-24.68.amzn1.i686
libwbclient-devel-4.10.16-24.68.amzn1.i686
samba-winbind-clients-4.10.16-24.68.amzn1.i686
noarch:
samba-pidl-4.10.16-24.68.amzn1.noarch
samba-common-4.10.16-24.68.amzn1.noarch
src:
samba-4.10.16-24.68.amzn1.src
x86_64:
samba-python-test-4.10.16-24.68.amzn1.x86_64
samba-winbind-4.10.16-24.68.amzn1.x86_64
samba-debuginfo-4.10.16-24.68.amzn1.x86_64
libsmbclient-4.10.16-24.68.amzn1.x86_64
samba-winbind-modules-4.10.16-24.68.amzn1.x86_64
samba-test-libs-4.10.16-24.68.amzn1.x86_64
samba-test-4.10.16-24.68.amzn1.x86_64
samba-winbind-clients-4.10.16-24.68.amzn1.x86_64
samba-libs-4.10.16-24.68.amzn1.x86_64
samba-winbind-krb5-locator-4.10.16-24.68.amzn1.x86_64
samba-krb5-printing-4.10.16-24.68.amzn1.x86_64
libwbclient-devel-4.10.16-24.68.amzn1.x86_64
ctdb-4.10.16-24.68.amzn1.x86_64
samba-client-4.10.16-24.68.amzn1.x86_64
libsmbclient-devel-4.10.16-24.68.amzn1.x86_64
samba-common-tools-4.10.16-24.68.amzn1.x86_64
samba-4.10.16-24.68.amzn1.x86_64
samba-devel-4.10.16-24.68.amzn1.x86_64
samba-common-libs-4.10.16-24.68.amzn1.x86_64
libwbclient-4.10.16-24.68.amzn1.x86_64
ctdb-tests-4.10.16-24.68.amzn1.x86_64
samba-python-4.10.16-24.68.amzn1.x86_64
samba-client-libs-4.10.16-24.68.amzn1.x86_64
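
A host-side check for the three conditions this advisory names (package level, the acl_xattr setting, and access to winbindd_privileged), as an added example that is not part of the advisory. The function names, the sample smb.conf and the 4.10.16-24.67.amzn1 test version are constructed for illustration, and sort -V only approximates rpm's version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure checks for ALAS-2023-1896.
FIXED="4.10.16-24.68.amzn1"   # version-release of the packages listed above

# 0 if version-release $1 is at or above $FIXED. sort -V approximates rpm's
# version ordering; it is not rpm's own comparison.
samba_is_patched() {
    [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
}

# 0 if smb.conf-style file $1 loads acl_xattr and sets
# "acl_xattr:ignore system acls" to a true value (CVE-2023-4091 condition).
# File-wide heuristic: comments dropped, case and whitespace normalised.
acl_xattr_ignores_system_acls() {
    conf=$(grep -v '^[[:space:]]*[#;]' "$1" | tr 'A-Z' 'a-z' | tr -d ' \t')
    printf '%s\n' "$conf" | grep -q '^vfsobjects=.*acl_xattr' &&
        printf '%s\n' "$conf" |
            grep -Eq '^acl_xattr:ignoresystemacls=(yes|true|on|1)$'
}

# $1 = state directory. 0 if winbindd_privileged grants nothing to "other",
# 1 if it does, 2 if the directory is missing (CVE-2022-2127 local condition).
privileged_dir_is_restricted() {
    [ -d "$1/winbindd_privileged" ] || return 2
    [ "$(ls -ld "$1/winbindd_privileged" | cut -c8-10)" = "---" ]
}

# Demo on constructed sample data, not taken from a real host.
demo() {
    d=$(mktemp -d) && mkdir -m 750 "$d/winbindd_privileged"
    printf '[share]\n vfs objects = acl_xattr\n acl_xattr:ignore system acls = yes\n' \
        > "$d/smb.conf"
    samba_is_patched "4.10.16-24.67.amzn1" ||
        echo "samba: below $FIXED, run yum update samba"
    acl_xattr_ignores_system_acls "$d/smb.conf" &&
        echo "smb.conf: acl_xattr ignores system ACLs (CVE-2023-4091 condition)"
    privileged_dir_is_restricted "$d" &&
        echo "winbindd_privileged: no access for other"
    rm -rf "$d"
}
demo
```

On a real host, feed `samba_is_patched` the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' samba` and point the smb.conf check at the output of `testparm -s` saved to a file.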