Oval Definition: oval:org.mitre.oval:def:24559
Revision Date: 2014-05-26
Version: 15
Title: ELSA-2014:0330: samba and samba3x security update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496)

A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150)

Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496.

All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2012-6150
CVE-2013-4496
ELSA-2014:0330-01
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): samba
samba3x
Definition Synopsis
  • rpm test
    • Oracle Linux 5.x
    • AND rpm test
      • samba3x-doc is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-winbind is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-winbind-devel is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-swat is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-common is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-domainjoin-gui is earlier than 0:3.6.6-0.139.el5_10
      • OR samba3x-client is earlier than 0:3.6.6-0.139.el5_10
  • OR rpm test
    • Oracle Linux 6.x
    • AND rpm test
      • samba-swat is earlier than 0:3.6.9-168.el6_5
      • OR libsmbclient-devel is earlier than 0:3.6.9-168.el6_5
      • OR samba-winbind-clients is earlier than 0:3.6.9-168.el6_5
      • OR samba-domainjoin-gui is earlier than 0:3.6.9-168.el6_5
      • OR samba-winbind is earlier than 0:3.6.9-168.el6_5
      • OR libsmbclient is earlier than 0:3.6.9-168.el6_5
      • OR samba-client is earlier than 0:3.6.9-168.el6_5
      • OR samba-winbind-devel is earlier than 0:3.6.9-168.el6_5
      • OR samba is earlier than 0:3.6.9-168.el6_5
      • OR samba-doc is earlier than 0:3.6.9-168.el6_5
      • OR samba-common is earlier than 0:3.6.9-168.el6_5
      • OR samba-winbind-krb5-locator is earlier than 0:3.6.9-168.el6_5