Download Samba 3.6.5
Samba, a component that seamlessly integrates Linux/Unix servers and desktops into Active Directory environments using the winbind daemon, is now at version 3.6.5.
Image Credit: www.samba.org
Samba 3.6.5 is just a simple maintenance release, as it's only meant to fix a security issue. According to the developers, Samba versions 3.4.x to 3.6.4 were affected by a vulnerability that allows arbitrary users to modify privileges on a file server.
Samba 3.6.5 Available for DownloadThis is a security release in order to address
CVE-2012-2111 (Incorrect permission checks when granting/removing
privileges can compromise file server security).
Samba 3.4.x to 3.6.4 are affected by a
vulnerability that allows arbitrary users
to modify privileges on a file server.
Changes since 3.6.4:
o Jeremy Allison
* Fix incorrect permission checks when granting/removing
Security checks were incorrectly applied to the Local Security Authority (LSA) remote proceedure calls (RPC) CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database.
This vulnerability was reported by Ivano Cristofolini and the fix was made by Jeremy Allison, which repaired the incorrect permission checks when granting/removing privileges.
All users have been advised to upgrade as soon as possible!
Download Samba 3.6.5 Fixes Security Issue