Security Advisory Important: samba security update

Advisory: RHSA-2014:0009-1
Type: Security Advisory
Severity: Important
Issued on: 2014-01-06
Last updated on: 2014-01-06
Affected Products: Red Hat Storage Server 2.1
CVEs: CVE-2013-4408, CVE-2013-4475


Updated samba packages that fix two security issues are now available for
Red Hat Storage.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in
Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed.
A malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root privileges.
(CVE-2013-4408)
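As an added illustration of the class of check the fragment-length bug above concerns (this is not Samba's code or the fix shipped in this erratum; function and constant names are my own), the following parser validates the 16-byte DCE-RPC common header and refuses to trust frag_length or auth_length until both have been checked against the bytes actually received. The header layout follows the DCE 1.1 RPC specification; the two sample fragments are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>

/* DCE-RPC connection-oriented PDU common header (DCE 1.1 RPC spec, C706). */
#define DCERPC_HDR_LEN          16u
#define DCERPC_AUTH_TRAILER_LEN  8u   /* sec_trailer that precedes auth data */
#define DCERPC_DREP_LE        0x10u   /* drep[0] flag: integers little-endian */

struct dcerpc_hdr {
    uint8_t  rpc_vers, rpc_vers_minor, ptype, pfc_flags, drep[4];
    uint16_t frag_length;   /* bytes in this fragment, header included   */
    uint16_t auth_length;   /* bytes of auth verifier at the fragment end */
    uint32_t call_id;
};

enum { DCERPC_OK = 0, DCERPC_SHORT = -1, DCERPC_BAD_FRAG = -2, DCERPC_BAD_AUTH = -3 };

/* Integer fields follow the sender's data representation (drep) byte order. */
static uint16_t rd16(const uint8_t *p, int le)
{ return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p, int le)
{ return le ? rd16(p, 1) | ((uint32_t)rd16(p + 2, 1) << 16)
            : ((uint32_t)rd16(p, 0) << 16) | rd16(p + 2, 0); }

/* Parse one received fragment's header. Each length field is checked against
 * what was actually received before anything indexes the buffer with it; a
 * reader that trusts frag_length/auth_length as sent reads or copies past
 * its allocation on a crafted packet. */
int dcerpc_parse_header(const uint8_t *buf, size_t buflen, struct dcerpc_hdr *h)
{
    if (buflen < DCERPC_HDR_LEN) return DCERPC_SHORT;
    int le = (buf[4] & DCERPC_DREP_LE) != 0;
    h->rpc_vers = buf[0]; h->rpc_vers_minor = buf[1];
    h->ptype = buf[2];    h->pfc_flags = buf[3];
    for (int i = 0; i < 4; i++) h->drep[i] = buf[4 + i];
    h->frag_length = rd16(buf + 8, le);
    h->auth_length = rd16(buf + 10, le);
    h->call_id     = rd32(buf + 12, le);
    /* Fragment must cover its own header and must not exceed the received data. */
    if (h->frag_length < DCERPC_HDR_LEN || h->frag_length > buflen) return DCERPC_BAD_FRAG;
    /* Auth verifier plus its 8-byte trailer must fit inside the fragment body. */
    if (h->auth_length != 0 &&
        (size_t)h->auth_length + DCERPC_AUTH_TRAILER_LEN > (size_t)h->frag_length - DCERPC_HDR_LEN)
        return DCERPC_BAD_AUTH;
    return DCERPC_OK;
}

/* Constructed samples: a minimal 16-byte bind_ack-style PDU (little-endian drep,
 * call_id 1), and the same PDU with frag_length set to 0xffff. */
const uint8_t dcerpc_sample_ok[16]  = {5,0,12,3, 0x10,0,0,0, 16,0,     0,0, 1,0,0,0};
const uint8_t dcerpc_sample_bad[16] = {5,0,12,3, 0x10,0,0,0, 0xff,0xff, 0,0, 1,0,0,0};
```

The same two bounds apply when the fragment is later reassembled: frag_length bounds the copy into the reassembly buffer, and auth_length bounds where the verifier is read from.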

A flaw was found in the way Samba performed ACL checks on alternate file
and directory data streams. An attacker able to access a CIFS share with
alternate stream support enabled could access alternate data streams
regardless of the underlying file or directory ACL permissions.
(CVE-2013-4475)

Red Hat would like to thank the Samba project for reporting CVE-2013-4408.
Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the
original reporters of this issue.

All users of Red Hat Storage are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing this update, the smb service will be restarted automatically.


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Storage Server 2.1

File outdated by:  RHSA-2015:0257
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1018032 - CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check
1024542 - CVE-2013-4475 samba: no access check verification on stream files


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at