The version of Samba in our billing server is 4.1.17-Debian.
I have been reminded by our management to implement the patch for Samba on this server.
However, I am not sure how to implement the patch. I have browsed some websites for the correct patch to implement for Samba 4.1.17, and the patch recommended is the patch to address the vulnerability "Unexpected code execution in smbd".
There is no patch specifically for Samba version 4.1.17, however there is one for 4.1.16, and the patch is the same as for 4.1.17, which is to address the "Unexpected code execution in smbd" vulnerability.
When I click on the patch link, I am redirected to a page that displays this:
Code:
From cc4100701bec64cda6fae6a5650c2114f3862579 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 28 Jan 2015 14:47:31 -0800
Subject: [PATCH 1/2] CVE-2015-0240: s3: netlogon: Ensure we don't call
talloc_free on an uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
source3/rpc_server/netlogon/srv_netlog_nt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index c903ae8..cab635f 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1101,6 +1101,10 @@ static NTSTATUS netr_creds_server_step_check(struct pipes_struct *p,
bool schannel_global_required = (lp_server_schannel() == true) ? true:false;
struct loadparm_context *lp_ctx;
+ if (creds_out != NULL) {
+ *creds_out = NULL;
+ }
+
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
computer_name,
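Review bot: the `*creds_out = NULL` reset added at the top of netr_creds_server_step_check has no comment, so the reason it must come before the schannel_check_required call is easy to lose in a later refactor. Suggest a one-line comment above the block saying that callers may free *creds_out when this function returns an error, so it has to be defined before anything here can fail. The `creds_out != NULL` guard also implies the out-parameter is optional; if no caller actually passes NULL, document that or drop the guard.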
@@ -1258,7 +1262,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
{
NTSTATUS status = NT_STATUS_OK;
int i;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
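Review bot: initializing `creds` to NULL at its declaration in _netr_ServerPasswordSet fixes this one caller only, and the patch shows no other call sites of netr_creds_server_step_check. Suggest checking every other caller that declares a `struct netlogon_creds_CredentialState *` local and initializing it the same way, rather than relying solely on the callee-side reset from the first hunk.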
--
2.3.0
From 57c186ee4deda5e75d3588fa0252d9817492bb1f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 16 Feb 2015 10:59:23 +0100
Subject: [PATCH 2/2] s3-netlogon: Make sure we do not deference a NULL
pointer.
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---
source3/rpc_server/netlogon/srv_netlog_nt.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index cab635f..2ba3278 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1275,9 +1275,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
+ const char *computer_name = "<unknown>";
+
+ if (creds != NULL && creds->computer_name != NULL) {
+ computer_name = creds->computer_name;
+ }
DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
- r->in.computer_name, creds->computer_name));
+ r->in.computer_name, computer_name));
TALLOC_FREE(creds);
return status;
}
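Review bot: in the failure branch of _netr_ServerPasswordSet, `r->in.computer_name` is still passed unguarded to the first `%s` of the DEBUG call, while the creds-side name now gets a NULL check and a "<unknown>" fallback. If that request field can be NULL, give it the same fallback. The new local `computer_name` is also easy to confuse with `r->in.computer_name` on the adjacent line; a name such as `creds_computer_name` would keep the two log arguments distinguishable.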
--
2.3.0
Please provide a guide/steps on how to implement this patch on the server.