ALAS-2023-2367

Related Vulnerabilities: CVE-2022-2127, CVE-2023-4091

Amazon Linux 2 Security Advisory: ALAS-2023-2367
Advisory Release Date: 2023-11-29 22:20 Pacific
Advisory Updated Date: 2023-12-04 21:45 Pacific
Severity: Medium

Issue Overview:

When doing NTLM authentication, the client sends replies to
cryptographic challenges back to the server. These replies
have variable length. Winbind did not properly bounds-check
the LAN Manager response length, which, despite the LAN
Manager version no longer being used, is still part of the
protocol.

If the system is running Samba's ntlm_auth as an authentication backend
for services like Squid (or a very unusual configuration with
FreeRADIUS), the vulnerability is remotely exploitable.

If not so configured, or to exploit this vulnerability locally, the
user must have access to the privileged winbindd UNIX domain
socket (a subdirectory with name 'winbindd_privileged' under "state
directory", as set in the smb.conf).

This access is normally only given to special system services like
Squid or FreeRADIUS that use this feature. (CVE-2022-2127)

An SMB client can truncate files to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes". (CVE-2023-4091)
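An added example (not part of the advisory or of Samba's own tooling): a shell function that lists the shares whose effective settings match the CVE-2023-4091 precondition described above. The sample smb.conf is constructed, its share names are hypothetical, and the parser assumes no include directives or backslash line continuations.

```shell
# Constructed smb.conf for the demo; the share names are hypothetical.
sample_conf() {
  cat <<'EOF'
[global]
   vfs objects = acl_xattr
[projects]
   acl_xattr:ignore system acls = yes
[archive]
   acl_xattr:ignore system acls = no
[scratch]
   VFS Objects = recycle acl_xattr
   ACL_XATTR:Ignore System ACLs = True
[plain]
   vfs objects = recycle
   acl_xattr:ignore system acls = yes
EOF
}

# audit_acl_xattr [FILE]: print each share that loads acl_xattr in "vfs objects"
# and enables "acl_xattr:ignore system acls". Shares inherit [global] values.
audit_acl_xattr() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" || v == "on" }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                       # section header
      s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); sec = tolower(trim(s))
      if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
      next
    }
    {
      eq = index($0, "="); if (eq == 0 || sec == "") next
      # smb.conf ignores case and whitespace in parameter names
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = trim(substr($0, eq + 1))
      if (key == "vfsobjects" || key == "vfsobject") vfs[sec] = tolower(val)
      if (key == "acl_xattr:ignoresystemacls") ign[sec] = truthy(val)
    }
    END {
      for (i = 1; i <= n; i++) {
        s = order[i]; if (s == "global") continue
        v = (s in vfs) ? vfs[s] : vfs["global"]
        g = (s in ign) ? ign[s] : ign["global"]
        if ((" " v " ") ~ /[ \t,]acl_xattr[ \t,]/ && g) print s
      }
    }
  ' "${1:--}"
}

sample_conf | audit_acl_xattr   # demo run on the constructed sample
```

On a live host, pipe the output of `testparm -s` into the function so that included files are resolved before the check.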


Affected Packages:

samba


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update samba to update your system.

New Packages:
aarch64:
    samba-4.10.16-24.amzn2.0.4.aarch64
    samba-client-4.10.16-24.amzn2.0.4.aarch64
    samba-client-libs-4.10.16-24.amzn2.0.4.aarch64
    samba-common-libs-4.10.16-24.amzn2.0.4.aarch64
    samba-common-tools-4.10.16-24.amzn2.0.4.aarch64
    samba-dc-4.10.16-24.amzn2.0.4.aarch64
    samba-dc-libs-4.10.16-24.amzn2.0.4.aarch64
    samba-devel-4.10.16-24.amzn2.0.4.aarch64
    samba-krb5-printing-4.10.16-24.amzn2.0.4.aarch64
    samba-libs-4.10.16-24.amzn2.0.4.aarch64
    libsmbclient-4.10.16-24.amzn2.0.4.aarch64
    libsmbclient-devel-4.10.16-24.amzn2.0.4.aarch64
    libwbclient-4.10.16-24.amzn2.0.4.aarch64
    libwbclient-devel-4.10.16-24.amzn2.0.4.aarch64
    samba-python-4.10.16-24.amzn2.0.4.aarch64
    samba-python-test-4.10.16-24.amzn2.0.4.aarch64
    samba-test-4.10.16-24.amzn2.0.4.aarch64
    samba-test-libs-4.10.16-24.amzn2.0.4.aarch64
    samba-winbind-4.10.16-24.amzn2.0.4.aarch64
    samba-winbind-clients-4.10.16-24.amzn2.0.4.aarch64
    samba-winbind-krb5-locator-4.10.16-24.amzn2.0.4.aarch64
    samba-winbind-modules-4.10.16-24.amzn2.0.4.aarch64
    ctdb-4.10.16-24.amzn2.0.4.aarch64
    ctdb-tests-4.10.16-24.amzn2.0.4.aarch64
    samba-debuginfo-4.10.16-24.amzn2.0.4.aarch64

i686:
    samba-4.10.16-24.amzn2.0.4.i686
    samba-client-4.10.16-24.amzn2.0.4.i686
    samba-client-libs-4.10.16-24.amzn2.0.4.i686
    samba-common-libs-4.10.16-24.amzn2.0.4.i686
    samba-common-tools-4.10.16-24.amzn2.0.4.i686
    samba-dc-4.10.16-24.amzn2.0.4.i686
    samba-dc-libs-4.10.16-24.amzn2.0.4.i686
    samba-devel-4.10.16-24.amzn2.0.4.i686
    samba-krb5-printing-4.10.16-24.amzn2.0.4.i686
    samba-libs-4.10.16-24.amzn2.0.4.i686
    libsmbclient-4.10.16-24.amzn2.0.4.i686
    libsmbclient-devel-4.10.16-24.amzn2.0.4.i686
    libwbclient-4.10.16-24.amzn2.0.4.i686
    libwbclient-devel-4.10.16-24.amzn2.0.4.i686
    samba-python-4.10.16-24.amzn2.0.4.i686
    samba-python-test-4.10.16-24.amzn2.0.4.i686
    samba-test-4.10.16-24.amzn2.0.4.i686
    samba-test-libs-4.10.16-24.amzn2.0.4.i686
    samba-winbind-4.10.16-24.amzn2.0.4.i686
    samba-winbind-clients-4.10.16-24.amzn2.0.4.i686
    samba-winbind-krb5-locator-4.10.16-24.amzn2.0.4.i686
    samba-winbind-modules-4.10.16-24.amzn2.0.4.i686
    ctdb-4.10.16-24.amzn2.0.4.i686
    ctdb-tests-4.10.16-24.amzn2.0.4.i686
    samba-debuginfo-4.10.16-24.amzn2.0.4.i686

noarch:
    samba-common-4.10.16-24.amzn2.0.4.noarch
    samba-pidl-4.10.16-24.amzn2.0.4.noarch

src:
    samba-4.10.16-24.amzn2.0.4.src

x86_64:
    samba-4.10.16-24.amzn2.0.4.x86_64
    samba-client-4.10.16-24.amzn2.0.4.x86_64
    samba-client-libs-4.10.16-24.amzn2.0.4.x86_64
    samba-common-libs-4.10.16-24.amzn2.0.4.x86_64
    samba-common-tools-4.10.16-24.amzn2.0.4.x86_64
    samba-dc-4.10.16-24.amzn2.0.4.x86_64
    samba-dc-libs-4.10.16-24.amzn2.0.4.x86_64
    samba-devel-4.10.16-24.amzn2.0.4.x86_64
    samba-vfs-glusterfs-4.10.16-24.amzn2.0.4.x86_64
    samba-krb5-printing-4.10.16-24.amzn2.0.4.x86_64
    samba-libs-4.10.16-24.amzn2.0.4.x86_64
    libsmbclient-4.10.16-24.amzn2.0.4.x86_64
    libsmbclient-devel-4.10.16-24.amzn2.0.4.x86_64
    libwbclient-4.10.16-24.amzn2.0.4.x86_64
    libwbclient-devel-4.10.16-24.amzn2.0.4.x86_64
    samba-python-4.10.16-24.amzn2.0.4.x86_64
    samba-python-test-4.10.16-24.amzn2.0.4.x86_64
    samba-test-4.10.16-24.amzn2.0.4.x86_64
    samba-test-libs-4.10.16-24.amzn2.0.4.x86_64
    samba-winbind-4.10.16-24.amzn2.0.4.x86_64
    samba-winbind-clients-4.10.16-24.amzn2.0.4.x86_64
    samba-winbind-krb5-locator-4.10.16-24.amzn2.0.4.x86_64
    samba-winbind-modules-4.10.16-24.amzn2.0.4.x86_64
    ctdb-4.10.16-24.amzn2.0.4.x86_64
    ctdb-tests-4.10.16-24.amzn2.0.4.x86_64
    samba-debuginfo-4.10.16-24.amzn2.0.4.x86_64