FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
0 < samba34
0 < samba35
3.6.* < samba36 < 3.6.23
4.0.* < samba4 < 4.0.16
4.1.* < samba41 < 4.1.6

Details

VuXML ID 03e48bf5-a96d-11e3-a556-3c970e169bc2
Discovery 2014-03-11
Entry 2014-03-11

Samba project reports:

In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly.

This is available without any other authentication.

smbcacls can remove a file or directory ACL by mistake.

References

CVE Name CVE-2013-4496
CVE Name CVE-2013-6442
URL http://www.samba.org/samba/security/CVE-2013-4496
URL http://www.samba.org/samba/security/CVE-2013-6442