o Fix possible memory leaks in the Samba master process (bug #8970).
o Fix uninitialized memory read in talloc_free().
o Fix joining of XP Pro workstations to 3.6 DCs (bug #8373).
http://www.samba.org/samba/security/CVE-2012-2111
Samba versions 3.4.x to 3.6.4 inclusive are affected by a
vulnerability that allows arbitrary users to modify privileges on a
file server.
Security checks were incorrectly applied to the Local Security
Authority (LSA) remote procedure calls (RPC) CreateAccount,
OpenAccount, AddAccountRights and RemoveAccountRights allowing any
authenticated user to modify the privileges database.
This is a serious error, as it means that authenticated users can
connect to the LSA and grant themselves the "take ownership"
privilege. This privilege is used by the smbd file server to grant the
ability to change ownership of a file or directory which means users
could take ownership of files or directories they do not own.
Fixes:
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
From maintainer Ian McWilliam
Note that the default passdb backend has been changed to 'tdbsam'.
See /usr/local/share/doc/samba/README.OpenBSD (or files/README.OpenBSD)
for more information and instructions for people who wish to convert an
existing smbpasswd-based installation.
CVE-2008-1105.
Specifically crafted SMB responses can result in a heap overflow
in the Samba client code. Because the server process, smbd, can
itself act as a client during operations such as printer
notification and domain authentication, this issue affects both
Samba client and server installations.
Feedback from sthen@
ok mbalmer@ sthen@
This fixes the following problems:
o CVE-2007-0452 (Potential Denial of Service bug in smbd)
o CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
NSS library on Solaris)
o CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)