Diego A. Gomez
2009-Feb-04 18:55 UTC
[Secure-testing-team] Bug#514151: samba: Account locking out doesn't work with an LDAP backend
Package: samba
Version: 2:3.2.5-4
Severity: critical
Tags: security
Justification: root security hole

This bug makes Samba vulnerable to a brute-force attack and makes it possible to gain administrator's domain privileges.

More information about this bug in: (https://bugzilla.samba.org/show_bug.cgi?id=5825)

This bug was solved on Samba 3.2.6 (http://samba.org/samba/history/samba-3.2.6.html)

-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable'), (250, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.28.2 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser               3.110                add and remove users and groups
ii  debconf [debconf-2.0  1.5.24               Debian configuration management sy
ii  libacl1               2.2.47-2             Access control list shared library
ii  libattr1              1:2.4.43-1           Extended attribute shared library
ii  libc6                 2.7-18               GNU C Library: Shared libraries
ii  libcomerr2            1.41.3-1             common error description library
ii  libcups2              1.3.8-1lenny4.1      Common UNIX Printing System(tm) -
ii  libgnutls26           2.4.2-4              the GNU TLS library - runtime libr
ii  libkrb53              1.6.dfsg.4~beta1-5   MIT Kerberos runtime libraries
ii  libldap-2.4-2         2.4.11-1             OpenLDAP libraries
ii  libpam-modules        1.0.1-5              Pluggable Authentication Modules f
ii  libpam-runtime        1.0.1-5              Runtime support for the PAM librar
ii  libpam0g              1.0.1-5              Pluggable Authentication Modules l
ii  libpopt0              1.14-4               lib for parsing cmdline parameters
ii  libtalloc1            1.2.0~git20080616-1  hierarchical pool based memory all
ii  libwbclient0          2:3.3.0~rc2-4        Samba winbind client library
ii  logrotate             3.7.1-5              Log rotation utility
ii  lsb-base              3.2-20               Linux Standard Base 3.2 init scrip
ii  procps                1:3.2.7-11           /proc file system utilities
ii  samba-common          2:3.2.5-4            Samba common files used by both th
ii  update-inetd          4.31                 inetd configuration file updater
ii  zlib1g                1:1.2.3.3.dfsg-12    compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
pn  ldb-tools                     <none>        (no description available)
ii  openbsd-inetd [inet-superse   0.20080125-2  The OpenBSD Internet Superserver
pn  smbldap-tools                 <none>        (no description available)

-- debconf information excluded