Operating Systems Linux Debian Applying patch for Samba version 4.1.17 Post 302999181 by anaigini45 on Thursday 15th of June 2017 05:10:17 AM
Applying patch for Samba version 4.1.17

The version of Samba in our billing server is 4.1.17-Debian.
I have been reminded by our management to implement the patch for Samba on this server.

However, I am not sure how to implement the patch. I have browsed some websites for the correct patch to implement for Samba 4.1.17, and the patch recommended is the patch to address the vulnerability "Unexpected code execution in smbd".

There is no patch specifically for Samba version 4.1.17; however, there is one for 4.1.16, and the patch is the same as for 4.1.17, which is to address the "Unexpected code execution in smbd" vulnerability.

When I click on the patch link, I am redirected to a page that displays this:

Code:
From cc4100701bec64cda6fae6a5650c2114f3862579 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 28 Jan 2015 14:47:31 -0800
Subject: [PATCH 1/2] CVE-2015-0240: s3: netlogon: Ensure we don't call
 talloc_free on an uninitialized pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index c903ae8..cab635f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1101,6 +1101,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
 	bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
 	struct loadparm_context *lp_ctx;
 
+	if (creds_out != NULL) {
+		*creds_out = NULL;
+	}
+
 	if (schannel_global_required) {
 		status = schannel_check_required(&p->auth,
 						 computer_name,
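Review bot: The new `*creds_out = NULL` store at the top of netr_creds_server_step_check carries no comment stating the contract it establishes, namely that the out-parameter is defined on every return path, including any early return from the `schannel_global_required` branch that follows. A one-line comment above the `if (creds_out != NULL)` guard would keep a later refactor from moving the store below that branch. The guard also shows that a NULL `creds_out` is an accepted argument, which is worth stating in the function's header comment.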
@@ -1258,7 +1262,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
 {
 	NTSTATUS status = NT_STATUS_OK;
 	int i;
-	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds = NULL;
 
 	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
 
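Review bot: Initializing `creds` to NULL in _netr_ServerPasswordSet fixes this one declaration only; the diffstat for this patch (5 insertions, 1 deletion) shows no other declaration was touched. With the callee now clearing `*creds_out` itself this is defense in depth, so for consistency any other function in srv_netlog_nt.c that passes a local `struct netlogon_creds_CredentialState *` to netr_creds_server_step_check should get the same `= NULL` initializer, so that freeing it on an error path is safe regardless of what the callee does.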
-- 
2.3.0


From 57c186ee4deda5e75d3588fa0252d9817492bb1f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 16 Feb 2015 10:59:23 +0100
Subject: [PATCH 2/2] s3-netlogon: Make sure we do not deference a NULL
 pointer.

This is an additional patch for CVE-2015-0240.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32

Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
 source3/rpc_server/netlogon/srv_netlog_nt.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index cab635f..2ba3278 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1275,9 +1275,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
+		const char *computer_name = "<unknown>";
+
+		if (creds != NULL && creds->computer_name != NULL) {
+			computer_name = creds->computer_name;
+		}
 		DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
-			r->in.computer_name, creds->computer_name));
+			r->in.computer_name, computer_name));
 		TALLOC_FREE(creds);
 		return status;
 	}
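Review bot: The NULL guard in the error branch covers `creds` and `creds->computer_name`, but the other `%s` argument on the same DEBUG line, `r->in.computer_name`, is still passed unchecked; if the client-supplied name can be NULL here it needs the same `"<unknown>"` fallback. The new local `computer_name` could also be renamed to distinguish it from `r->in.computer_name` (for example `creds_computer_name`), since both appear in the one format call. The `TALLOC_FREE(creds)` that follows is safe on this path only because patch 1/2 initializes `creds` to NULL, so the two patches must be applied together and in order; the `index cab635f..2ba3278` line confirms this one is based on the result of 1/2.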
-- 
2.3.0

Please provide some guide/steps on how to implement this patch on the server?
 
