Bug #3395
Samba Badlock
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | <multiple packages> | | |
| Target version: | v6.7 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.7 | NEEDINFO: | No |
Description
On April 12th, 2016, a new security bug named Badlock was disclosed.
The bug affects almost all current Samba releases.
Official site: http://badlock.org
Red Hat and CentOS have already released the updates: https://access.redhat.com/security/vulnerabilities/badlock
All Windows machines joined to NethServer will not be able to log in to the server after the Samba update.
We are still investigating the issue; updates will be posted here. In the meantime, we suggest not updating the Samba packages if you're using NS as PDC.
Workaround 1: users who already updated the system should downgrade all Samba packages using the following command (edited, thanks to @maxbet):
yum downgrade samba* tdb-tools libtdb libtevent libtalloc pytalloc libldb
Workaround 2: use locally cached credentials by disconnecting the network cable from the Windows machine before login.
Reference: http://community.nethserver.org/t/security-advisory-badlock-bug/3141
Upstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1326918
Related issues
History
#1 Updated by Giacomo Sanchietti about 5 years ago
- Category set to <multiple packages>
- Status changed from NEW to TRIAGED
- Target version set to v6.7
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti about 5 years ago
- Related to Bug #3396: Adagios fails to install after Samba badlock updates added
#3 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from TRIAGED to MODIFIED
- % Done changed from 20 to 60
#4 Updated by Giacomo Sanchietti about 5 years ago
- Description updated (diff)
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
Packages from CentOS CR repos (CentOS 6.8) seem to fix the issue.
Packages in nethserver-testing:
- samba-winbind-clients-3.6.23-35.el6_8.x86_64.rpm
- tdb-tools-1.3.8-3.el6_8.2.x86_64.rpm
- libtdb-1.3.8-3.el6_8.2.x86_64.rpm
- samba-3.6.23-35.el6_8.x86_64.rpm
- samba-winbind-3.6.23-35.el6_8.x86_64.rpm
- samba-common-3.6.23-35.el6_8.x86_64.rpm
- samba-client-3.6.23-35.el6_8.x86_64.rpm
- Check the bug is not reproducible
- To upgrade an existing machine:
yum --enablerepo=nethserver-testing update samba tdb-tools
#5 Updated by Nicola Rauso about 5 years ago
- Assignee set to Nicola Rauso
#6 Updated by Nicola Rauso about 5 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (Nicola Rauso)
- % Done changed from 70 to 90
Test case
- Check the bug is not reproducible
Tested: it works flawlessly
#7 Updated by Giacomo Sanchietti about 5 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- samba-winbind-clients-3.6.23-35.el6_8.x86_64.rpm
- tdb-tools-1.3.8-3.el6_8.2.x86_64.rpm
- libtdb-1.3.8-3.el6_8.2.x86_64.rpm
- samba-3.6.23-35.el6_8.x86_64.rpm
- samba-winbind-3.6.23-35.el6_8.x86_64.rpm
- samba-common-3.6.23-35.el6_8.x86_64.rpm
- samba-client-3.6.23-35.el6_8.x86_64.rpm