Date: Wed, 21 Dec 2016 20:24:50 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 215476] net/samba44 has applicable CVE's. Successfully built a samba-4.4.8
Message-ID: <bug-215476-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215476

Bug ID: 215476
Summary: net/samba44 has applicable CVE's. Successfully built a samba-4.4.8
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: timur@FreeBSD.org
Reporter: dewayne@heuristicsystems.com.au
Flags: maintainer-feedback?(timur@FreeBSD.org)
Assignee: timur@FreeBSD.org

Timur,
Unfortunately Samba has a few CVEs that are applicable. Would you please review.

1. CVE 2123 - Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability. "Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption." seems applicable. Perhaps another reason to NOT use the internal dns ;). Applicable to all Samba4*

2. CVE 2125 - Unconditional privilege delegation to Kerberos servers in trusted realms, does apply to net/samba44 https://www.samba.org/samba/security/CVE-2016-2126.html. Applicable to Samba36 and all Samba4*

3. CVE 2126 As the port contains samba-4.4.5_1 then the second part of https://www.samba.org/samba/security/CVE-2016-2126.html doesn't apply. However the first part may? Applicable to all Samba4*

I've managed to build Samba 4.4.5_1 and Samba 4.4.8 on a FreeBSD 11.0 Stable amd64 and i386 platform. Unfortunately I needed to:
- add USE_GCC= 5 to the samba44/Makefile,
- tweak (removed a few files from) pkg-plist and
- removed a patch file (patch-source4__dns_server__dns_crypto.c). I spent 30 mins reviewing the updated code, it looks like the FreeBSD patch has been incorporated, but I'm not sure about buffer_len in gensec_sign_packet. Unfortunately (perhaps) we don't use the internal DNS, so I'm unable to test.

Unfortunately this was done over a few days and I suspect that a patch-kit may be misleading.

For others, Timur is occasionally on the samba tech list, and often defers updating the ports because something is doubtful (hackish) or a work-around patch is needed (& requires testing). So as frustrating as this may be, I've found that Timur always acts in the interests of the FreeBSD-SAMBA community.

(So to patch/update 4.4.8 or wait for 4.4.9 on Jan 4/5?) :)

PS I used lang/gcc5 (gcc 5.4.0) in preference to lang/gcc (which is 4.9) because there is a base/gcc that uses gcc 5.4 - so I've assumed that this is the future direction for the base system(s)?

--
You are receiving this mail because:
You are the assignee for the bug.