Important CentOS samba4 Update

Metadata

high
8.3
samba4-4.0.0-60.el6_5.rc4.i686.rpm, samba4-4.0.0-60.el6_5.rc4.src.rpm, samba4-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-client-4.0.0-60.el6_5.rc4.i686.rpm, samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-common-4.0.0-60.el6_5.rc4.i686.rpm, samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-dc-4.0.0-60.el6_5.rc4.i686.rpm, samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-dc-libs-4.0.0-60.el6_5.rc4.i686.rpm, samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-devel-4.0.0-60.el6_5.rc4.i686.rpm, samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-libs-4.0.0-60.el6_5.rc4.i686.rpm, samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-pidl-4.0.0-60.el6_5.rc4.i686.rpm, samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-python-4.0.0-60.el6_5.rc4.i686.rpm, samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-swat-4.0.0-60.el6_5.rc4.i686.rpm, samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-test-4.0.0-60.el6_5.rc4.i686.rpm, samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-winbind-4.0.0-60.el6_5.rc4.i686.rpm, samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-winbind-clients-4.0.0-60.el6_5.rc4.i686.rpm, samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm, samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.i686.rpm, samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm
CVE-2013-4408
rhn.redhat.com, lists.centos.org
2013-12-10
2017-07-27 19:06
Important CentOS samba Update
CVE-2013-4408 samba
CVE-2013-4408 samba4
CVE-2013-4408
2017-04-01 19:07
2017-01-05 20:11

Description


Updated samba4 packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in
Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed.
A malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root privileges.
(CVE-2013-4408)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the
original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.


Affected package information

Release  Package                      Patched in
6        samba4                       samba4-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4                       samba4-4.0.0-60.el6_5.rc4.src.rpm
6        samba4                       samba4-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-client                samba4-client-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-client                samba4-client-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-common                samba4-common-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-common                samba4-common-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-dc                    samba4-dc-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-dc                    samba4-dc-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-dc-libs               samba4-dc-libs-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-dc-libs               samba4-dc-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-devel                 samba4-devel-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-devel                 samba4-devel-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-libs                  samba4-libs-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-libs                  samba4-libs-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-pidl                  samba4-pidl-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-pidl                  samba4-pidl-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-python                samba4-python-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-python                samba4-python-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-swat                  samba4-swat-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-swat                  samba4-swat-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-test                  samba4-test-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-test                  samba4-test-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-winbind               samba4-winbind-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-winbind               samba4-winbind-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-winbind-clients       samba4-winbind-clients-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-winbind-clients       samba4-winbind-clients-4.0.0-60.el6_5.rc4.x86_64.rpm
6        samba4-winbind-krb5-locator  samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.i686.rpm
6        samba4-winbind-krb5-locator  samba4-winbind-krb5-locator-4.0.0-60.el6_5.rc4.x86_64.rpm