来源:Ubuntu官网
发布日期:2020-09-17
阅读次数:2057
评论:0
更新标题
USN-4510-2: Samba vulnerability
更新详情
samba vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Summary
Samba would allow unintended access to files over the network.
Software Description
samba - SMB/CIFS file, print, and login server for Unix
Details
USN-4510-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin.
This update fixes the issue by changing the "server schannel" setting to default to "yes", instead of "auto", which will force a secure netlogon channel. This may result in compatibility issues with older devices. A future update may allow a finer-grained control over this setting.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM
samba - 2:4.3.11+dfsg-0ubuntu0.14.04.20+esm9
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
USN-4510-1
CVE-2020-1472
]]>
软件描述
Ubuntu是一个以桌面应用为主的Linux操作系统
评论