similar to: libtdb and BADLOCK (CVE-2016-2118)

Do you know why Red Hat updated libtdb as part of their remediation for Badlock on Samba4? https://rhn.redhat.com/errata/RHSA-2016-0612.html On Thu, Jun 2, 2016 at 2:37 PM, Jeremy Allison <jra at samba.org> wrote: > On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote: > > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba > 3.x > > imply an

On Thu, Jun 02, 2016 at 11:29:25AM -0500, Sam Gardner wrote: > Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x > imply an upgrade to a non-vulnerable version of the tdb library? > > If so, can someone point me to any documentation on the tdb vulnerability? There were no tdb vulnerabilities in the badlock code release.

Hi, Samba has released patch for CVE-2016-2118 from 3.6.x release onwards. We use samba 3.0.35 in our product. Is there any patch available for 3.0.35? -- Regards Madhu

ORACLE have released this patch for Solaris 10 - Samba v3.6.25: IDR152387-03 addressing CVE-2016-2118 (BADLOCK) and other CVEs for S10 SPARC Which has addressed our issue. Thanks -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Gaiseric Vandal Sent: 07 June 2016 14:51 To: samba at lists.samba.org Subject: Re: [Samba] Solaris 10 Configure failure

Hi, Due to "Red Hat Vulnerability Response: BADLOCK", an automatic samba package RHEL5 update was apply on our system. This broke "The trust relationship between this workstation and the primary domain failed" (error message logon client) in my environnement production. So, I use now 3.6.23-12.el5_11, I see they are new directive for smb.conf and some others more restrict

Hi, We support an older version SMB1 server (propietary implementation) which does not support extended security . Mapping a share from that server, using smbclient, was working before applying badlock patches (to the smbclient) , with default settings in smb.conf. However, after applying badlock patches, smbclient fails to map with default settings. When I set the option : "client ntlmv2

Currently running version 3.6.25 on a SPARC Solaris 10 64 bit server. Due to CVE-2016-2118 need to upgrade to version 4.2.11 / 4.3.8 / 4.4.2 No Solaris package available. Configure script fails with “Couldn't determine size of 'bool'” Is it possible to install these versions on Solaris 10 and if so how? Many Thanks Steve. This Email and any attachments contains confidential

Hi, Finally, I have launched "yum downgrade samba*" too for best effort. I am waiting for news until my samba 4 migration. AC-GUYANE <mailto:Johan.Glenac at ac-guyane.fr> *Johan GLENAC* *DSI* Administrateur Système, Réseaux et Télécom *TROUBIRAN :* Route de Baduel - BP 6011 97306 Cayenne *Tél. :* +594 (0) 594 27 22 08 *Fax :* +594 (0) 594 27 22 20 Rectorat - Académie de la

Hi all, A - I thought badlock mitigation was about encrypting SMB traffic, at least most part of it. And this encryption of most part of data transfer could (or should) lower performances. It seems I was wrong: smallest part (something like commands) are encrypted but not SMB traffic (ie file transfer). This for SMB protocol prior to SMB3 (which comes with windows 8). B - According to what I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello everybody, since the patch for all the badlock bugs it is not possible to access a Samba 4 ADDC-database with ldb-tools. Everytime I try it, I get the following error: root at addc-02:~# ldbsearch -H ldaps://addc-02.example2.net -U administrat or TLS failed to missing crlfile - with 'tls verify peer = as_strict_as_possible' When I

Hi, Microsoft some time ago introduced Hardened UNC Paths, and in April published the Badlock security fixes, which seem to be related to that. Samba at the same time published versions 4.4.1 (and 4.4.2). Even after reading the release notes of Samba 4.4.1 several times, I still do not know whether I must manually adjust smb.conf to be protected from these vulnerabilities. What I do know is

>* Am 13.04.2016 um 07:51 schrieb Mogens Kjaer <mk at lemo.dk <https://lists.centos.org/mailman/listinfo/centos>>: *> >* Hello, *> >* I run a CentOS 6 machine with samba, serving approx. 150 Windows users with samba running as an NT-like PDC. *> >* After today's samba update (samba-3.6.23-30.el6_7.x86_64 etc.), nobody can log in. *> >* They all get the

Thanks for your reply, Louis However, I am still blocked by this problem now. !-_- I tried to set the samba server as the DNS server and visit the shared folder by input "\\aaa.bb.com" at windows 7 client. In some cases it works and will not fail. However the similar abnormal phenomenon also occasionally happens (especially at changing the authentication, such as local to ldap): 1) I can

I will follow this, I have the same issue, I had to downgrade...centos 5.11 latest. On Thu, Apr 14, 2016 at 8:52 AM, Johan GLENAC <johan.glenac at ac-guyane.fr> wrote: > Hi, > > Due to "Red Hat Vulnerability Response: BADLOCK", an automatic samba > package RHEL5 update was apply on our system. > This broke "The trust relationship between this workstation and

CentOS Errata and Security Advisory 2016:0612 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0612.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f05a3ea1ed28b33cf72db65d3d795e0a3a4f4397c6edf34c2c59fe8226ac52f7 libtdb-1.3.8-1.el6_7.i686.rpm

CentOS Errata and Security Advisory 2016:0612 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0612.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 86c1b11dbd01803b75cd90debd8502031393845d24d7b9ecf77ae949a2402e0b libtdb-1.3.8-1.el7_2.i686.rpm

On 20/06/16 19:53, Dale Schroeder wrote: > On 06/17/2016 4:31 PM, peter lawrie wrote: >> Hi all >> About 18 months ago I connected 14 new Windows 7 PCs to a Centos5.1 >> server >> with samba3x as domain members. There are no other servers on site. >> Today, I had to visit to connect up a PC in a new location. As I would >> normally do I checked for Centos

On Fri, 2016-06-10 at 19:37 +0200, Stefan Kania wrote: > Hello everybody, > > since the patch for all the badlock bugs it is not possible to access > a Samba 4 ADDC-database with ldb-tools. Everytime I try it, I get the > following error: ... > When I add: > ---------------------- > tls verify peer = no_check > ---------------------- > to smb.conf I will get the

I disabled client signing from the client side, via OS X's global nsmb.conf file: https://discussions.apple.com/message/30282470#30282470 The performance was back to over 600 MB/s, as compared to 60 MB/s with signing. It just seems a bit weird to me that Apple, in response to the Badlock bug, would have changed the OS X client default to something with such drastic performance implications,

We applied latest MS security patches on our Windows 2008 R2 domain controllers. That had unexpected consequence of breaking all our Samba servers. They no longer can authenticate with our domain controllers. Looking into this we think it has to do with the BADLOCK security patch. We tried installing the latest Samba, version 4.4.5 which is supposed to be patched for the BADLOCK, but it is