USN-1434-1: Samba vulnerability

01 May 2012

Samba could allow a user to gain administrative privileges to the Samba server.

Releases

Packages

  • samba - SMB/CIFS file, print, and login server for Unix

Details

Ivano Cristofolini discovered that Samba incorrectly handled some Local
Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated
attacker could exploit this to grant administrative privileges to arbitrary
users. The administrative privileges could be used to bypass permission checks
performed by the Samba server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04

After a standard system update you may need to review the privileges of Samba
user accounts.

References