samba -- multiple vulnerabilities


The samba project reports: Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directory or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server. Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer. Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing. Missing database output checks on the returned directory attributes from the LDB database layer cause the DsCrackNames call in the DRSUAPI server to crash when following a NULL pointer. All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.

Affected Package

OS OS Version Package Name Package Version
FreeBSD any samba46 4.6.16
FreeBSD any samba47 4.7.9
FreeBSD any samba48 4.8.4