MGASA-2014-0138

Source
https://advisories.mageia.org/MGASA-2014-0138.html
Import Source
https://advisories.mageia.org/MGASA-2014-0138.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0138
Published
2014-03-23T09:10:03Z
Modified
2014-03-23T08:31:11Z
Summary
Updated samba packages fix security vulnerability
Details

In Samba before 3.6.23, the SAMR server does not ensure that attempted password changes update the bad password count, and does not set the lockout flags. This allows a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. The call is available without any other authentication (CVE-2013-4496).

Affected packages

Mageia:4 / samba

Package

Name
samba
Purl
pkg:rpm/mageia/samba?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.6.23-1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / samba

Package

Name
samba
Purl
pkg:rpm/mageia/samba?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.6.15-1.4.mga3

Ecosystem specific

{
    "section": "core"
}