[ MDVSA-2015:082 ] samba

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:082
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated samba packages fix security vulnerabilities:
 
 In Samba before 3.6.23, the SAMR server neglects to ensure that
 attempted password changes will update the bad password count, and does
 not set the lockout flags.  This would allow a user unlimited attempts
 against the password by simply calling ChangePasswordUser2 repeatedly.
 This is available without any other authentication (CVE-2013-4496).
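
 A simplified model of the accounting flaw described above, added here as an illustration and not taken from Samba's source. `Account`, `LOCKOUT_THRESHOLD`, both `change_password_*` functions and `attempts_before_lockout` are hypothetical names, and the threshold value is an assumed policy setting.

```python
# Added illustration: a toy account-lockout model, NOT Samba code.
import hmac
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3  # assumed policy value for this example


@dataclass
class Account:
    password: str
    bad_password_count: int = 0
    locked: bool = False


def _verify(acct, supplied):
    """Shared check: every failed verification is counted, whichever path asked."""
    if acct.locked:
        return False
    if hmac.compare_digest(acct.password.encode(), supplied.encode()):
        acct.bad_password_count = 0
        return True
    acct.bad_password_count += 1
    if acct.bad_password_count >= LOCKOUT_THRESHOLD:
        acct.locked = True  # lockout flag set on the change path too
    return False


def change_password_unaccounted(acct, old, new):
    """Behaviour the advisory describes: a failure leaves count and flags untouched."""
    if acct.password != old:
        return False
    acct.password = new
    return True


def change_password_accounted(acct, old, new):
    """Password change routed through the same failure accounting as logon."""
    if not _verify(acct, old):
        return False
    acct.password = new
    return True


def attempts_before_lockout(change_fn, wrong_values):
    """Return (attempts evaluated, bad_password_count, locked) for one account."""
    acct = Account(password="constructed-sample")  # constructed test value
    evaluated = 0
    for value in wrong_values:
        if acct.locked:
            break
        change_fn(acct, value, "unused-new-value")
        evaluated += 1
    return evaluated, acct.bad_password_count, acct.locked
```

 With the unaccounted path the counter stays at zero however many failures occur, so a lockout policy audit should confirm that password-change failures appear in the same counter as logon failures.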
 
 Information leak vulnerability in the VFS code, allowing an
 authenticated user to retrieve eight bytes of uninitialized memory
