[ MDVSA-2015:083 ] samba4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:083
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : samba4
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in samba4:
 
 Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
 4.2rc4, when an Active Directory Domain Controller (AD DC)
 is configured, allows remote authenticated users to set the LDB
 userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain
 privileges, by leveraging delegation of authority for user-account
 or computer-account creation (CVE-2014-8143).
 
 An uninitialized pointer use flaw was found in the Samba daemon
 (smbd). A malicious

007 Software

[ MDVSA-2015:083 ] samba4

Leave a Reply Cancel reply

Software and Security Information