[samba4] Security Release, fixes CVE-2012-2111
Simo Sorce
simo at fedoraproject.org
Mon Apr 30 14:45:28 UTC 2012
commit b5838a50ba15026250e194240ea55a961cf391e9
Author: Günther Deschner <gd at samba.org>
Date: Fri Apr 27 17:13:10 2012 +0200
Security Release, fixes CVE-2012-2111
resolves: #817551
samba4-CVE-2012-2111.patch | 74 ++++++++++++++++++++++++++++++++++++++++++++
samba4.spec | 8 ++++-
2 files changed, 81 insertions(+), 1 deletions(-)
---
diff --git a/samba4-CVE-2012-2111.patch b/samba4-CVE-2012-2111.patch
new file mode 100644
index 0000000..d85e591
--- /dev/null
+++ b/samba4-CVE-2012-2111.patch
@@ -0,0 +1,74 @@
+From fc21652aca3b1fb8d1373b54a8ccdf5c7bc9509b Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra at samba.org>
+Date: Tue, 17 Apr 2012 12:30:15 -0700
+Subject: [PATCH] Fix bug #8873 - self granting privileges in security=ads.
+
+---
+ source3/rpc_server/lsa/srv_lsa_nt.c | 16 ++++++++++++----
+ 1 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
+index 48bdfdb..f1605af 100644
+--- a/source3/rpc_server/lsa/srv_lsa_nt.c
++++ b/source3/rpc_server/lsa/srv_lsa_nt.c
+@@ -2725,6 +2725,10 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
+ uint32_t acc_granted;
+ struct security_descriptor *psd;
+ size_t sd_size;
++ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++ SEC_STD_DELETE));
+
+ /* find the connection policy handle. */
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
+@@ -2750,7 +2754,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
+
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_POLICY_ALL_ACCESS);
++ r->in.sid, owner_access);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -2791,6 +2795,10 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
+ size_t sd_size;
+ uint32_t des_access = r->in.access_mask;
+ uint32_t acc_granted;
++ uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
++ ~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
++ LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
++ SEC_STD_DELETE));
+ NTSTATUS status;
+
+ /* find the connection policy handle. */
+@@ -2815,7 +2823,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
+ /* get the generic lsa account SD until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ r->in.sid, owner_access);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -3174,7 +3182,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
+ /* get the generic lsa account SD for this SID until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+@@ -3245,7 +3253,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
+ /* get the generic lsa account SD for this SID until we store it */
+ status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
+ &lsa_account_mapping,
+- r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
++ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+--
+1.7.7.3
+
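Review bot: The reduced owner mask and the `NULL, 0` arguments are the security-critical part of this patch but carry no explanation, and in _lsa_AddAccountRights and _lsa_RemoveAccountRights the retained comment still says "for this SID" although the call no longer passes `r->in.sid`. I would add above each `owner_access` declaration `/* Owner must not be able to adjust its own privileges or system access, or delete the account (bug #8873). */`, and reword the two stale comments to `/* generic lsa account SD with no owner ACE, so the target SID gets no implicit rights */`. The second wording assumes make_lsa_object_sd() omits the owner entry when given a NULL SID, which is not visible here and should be confirmed. The identical `owner_access` expression is declared in both _lsa_CreateAccount and _lsa_OpenAccount; a single file-level definition would keep the two paths from drifting apart in a later edit. All four functions begin and end outside the embedded hunks.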
diff --git a/samba4.spec b/samba4.spec
index a204db4..5f35ccb 100644
--- a/samba4.spec
+++ b/samba4.spec
@@ -1,4 +1,4 @@
-%define main_release 43
+%define main_release 44
%define samba_version 4.0.0
%define talloc_version 2.0.7
@@ -77,6 +77,7 @@ Patch3: samba4-waf_target.patch
Patch4: samba4-external_ldap_callback.patch
Patch5: samba4-4.0.0-alpha19-CVE-2012-1182.patch
Patch6: samba4-4.0.0-alpha20-lib-private.patch
+Patch7: samba4-CVE-2012-2111.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -346,6 +347,7 @@ link against the SMB, RPC and other protocols.
%patch4 -p1 -b .external_callback
%patch5 -p1 -b .CVE-2012-1182
%patch6 -p1 -b .private-lib
+%patch7 -p1 -b .CVE-2012-2111
%build
%define _talloc_lib %nil
@@ -1208,6 +1210,10 @@ rm -rf %{buildroot}
%endif # with_libwbclient
%changelog
+* Mon Apr 30 2012 Guenther Deschner < gdeschner at redhat.com> - 4.0.0-44.alpha18
+- Security Release, fixes CVE-2012-2111
+- resolves: #817551
+
* Tue Apr 24 2012 Andreas Schneider <asn at redhat.com> - 4.0.0-43.alpha18
- Move libraries to samba4-libs so it doesn't depend on samba4-common.