Re: [Samba] Error running CVE-2018-1057_helper on 4.5

Hi Brian,

I tried to run this script on a system running 4.5.15 built from source
under Ubuntu 16.04, but I get the following exception:

# PYTHONPATH="/usr/local/samba/lib/python2.7/site-packages/" ./samba_CVE-2018-1057_helper --lock-pwchange
Temporarily overriding 'dsdb:schema update allowed' setting
Traceback (most recent call last):
  File "./samba_CVE-2018-1057_helper", line 139, in <module>
    sd_helper.modify_sd_on_dn(msg.dn, new_desc)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/sd_utils.py", line 40, in modify_sd_on_dn
    m.dn = Dn(self.ldb, object_dn)
TypeError: argument 2 must be string, not ldb.Dn
A transaction is still active in ldb context [0x2337ea0] on

I tried doing "kinit Administrator" and then repeating, but that didn't
change the error.

You don't need to kinit. The script goes directly to the ldb files.

The script is OK for 4.7, but there is a small fix to make it run on earlier Samba versions; cf. the attached diff.

I see samba 4.8.0 was released yesterday, which means 4.5.x technically
dropped out of support yesterday too:

The fix for this security flaw has been backported from 4.8 to 4.3, so yes, 4.5 can be patched. But I would advise you to use the mitigation script first and prepare and update to 4.7.6 in the coming weeks because, like you said, 4.5 won't get any feature fixes from upstream anymore since 4.8 is out.




However, I also note that a security patch was released for 4.5.15:


Obviously I will have to proceed with the underlying patching and/or
upgrading of Samba.  But if anyone can help me get the short-term fix
working for 4.5, that would be a useful stop-gap.



--- samba_CVE-2018-1057_helper.orig	2018-03-12 18:05:53.000000000 +0100
+++ samba_CVE-2018-1057_helper	2018-03-13 17:30:12.478546263 +0100
@@ -136,7 +136,8 @@ for msg in res:
     operation = "Would modify"
     if not opts.dry_run:
-        sd_helper.modify_sd_on_dn(msg.dn, new_desc)
+        dn_string = str(msg.dn)
+        sd_helper.modify_sd_on_dn(dn_string, new_desc)
         operation = "Modified"
     print("%s change-password ACL right for world on: %s" % (
           operation, msg.dn))
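
Review bot: the added `dn_string = str(msg.dn)` line before the `modify_sd_on_dn` call has no comment saying why the conversion is there. The traceback earlier in the thread shows sd_utils.py on 4.5 doing `Dn(self.ldb, object_dn)` and rejecting an ldb.Dn, so a one-line comment naming that would stop a later cleanup from dropping the conversion. The temporary is used only once, so `sd_helper.modify_sd_on_dn(str(msg.dn), new_desc)` would keep the change to a single line.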
