[pca] Oracle samba patch for samba CVE-2015-0240
Vecchiato Michele (privato)
michele.vecchiato at gmail.com
Fri Feb 27 18:20:26 CET 2015
On 02/26/2015 07:29 PM, McGraw, Robert P wrote:
>
>
> https://www.samba.org/samba/security/CVE-2015-0240 shows the following in the header
>
>
> CVE-2015-0240.html:
>
> ===========================================================
> == Subject: Unexpected code execution in smbd.
> ==
> == CVE ID#: CVE-2015-0240
> ==
> == Versions: Samba 3.5.0 to 4.2.0rc4
> ==
> == Summary: Unauthenticated code execution attack on
> == smbd file services.
> ==
> ===========================================================
> The latest samba patch is 119758-33, but not sure what version of
> samba this will be.
> Pca –r 119758-33 give the following header info.
>
> Keywords: security ldap upgrade services samba man pages
>
> Synopsis: SunOS 5.10_x86: Samba patch
>
> Date: Sep/12/2014
>
> Does anyone know what version number of samba when I install patch
> 119758-33?
>
> Does anyone know if this patch number fixed the above samba problem or
> is there another patch that needs to be added or is added by another
> patch ID?
>
> Thanks
>
> Robert
>
Hi Robert,
I don't find any Solaris patch of CVE-2015-0240 on MOS Article
"Reference Index of CVE IDs and Solaris Patches (Doc ID 1448883.1)"
(https://support.oracle.com/epmos/faces/DocContentDisplay?id=1448883.1)
[Required a credentials].
Try to applied the Samba Workaround from
https://www.samba.org/samba/security/CVE-2015-0240
---8<---
==========
Workaround
==========
On Samba versions 4.0.0 and above, add the line:
rpc_server:netlogon=disabled
to the [global] section of your smb.conf. For Samba versions 3.6.x and
earlier, this workaround is not available.
---8<---
I suppose Oracle Security Team working for release a patch for this
vulnerability
(http://www.oracle.com/us/support/assurance/vulnerability-remediation/security-fixing/index.html).
If you have a valid support identifier number (Support Contract), open a
Service Request (SR) for fix this (a IDR pacthes).
HTH
Michele V.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.univie.ac.at/pipermail/pca/attachments/20150227/7f4b20c6/attachment.html>
More information about the pca
mailing list