- Issued:
- 2009-02-16
- Updated:
- 2009-02-16
RHBA-2009:0251 - Bug Fix Advisory
Synopsis
samba bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated samba packages that fix three bugs are now available.
Description
Samba is a suite of programs used by machines to share files, printers, and
other information.
- when NT_STATUS is set to NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT,
NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT, or
NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT, attempts to open an
authenticated connection in a Windows 2000 Active Directory environment
will fail automatically. Previously, Samba did not allow for this, and
would attempt to open authenticated sessions in such environments. Now,
when faced with any of these NT_STATUS conditions in an Active Directory
environment, Samba will open an anonymous connection instead.
- when establishing connections with NETLOGON, Samba uses the Active
Directory netlogon negotiate flags even outside of Active Directory
environments. This avoids machines running Windows Server 2008 from
incorrectly identifying the connection attempt as a downgrade attack.
However, these same flags prevent a successful connection with machines
running Windows NT. Therefore, if attempts to make a connection fail while
the Active Directory netlogon negotiate flags are set, Samba will try again
without the flags in place so that successful connections with machines
running Windows NT are possible.
- net is a tool for the administration of Samba and remote CIFS servers. A
previous addition to net contained a built-in assumption that when a user
ran a net subcommand (for example, net join) a the command line, the user
would always provide not only their username, but the corresponding
password too. Therefore, the subcommand would fail when this password was
not provided. In this updated version of Samba, the user is prompted for a
password if one is required.
Users of samba are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
Fixes
- BZ - 455417 - samba cannot join windows 2000 domains
- BZ - 455418 - Samba server can't authenticate to NT domain after 2008-05-28 update
- BZ - 480926 - Cannot join Windows 2003 domain
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.