Updated samba packages fix security vulnerability
Publication date: 23 Mar 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2013-4496
Description
In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes update the bad password count, and does not set the lockout flags. This allows a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. The call is available without any other authentication (CVE-2013-4496).
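The accounting gap described above, shown as an added example that is not Samba's code: a simplified C model of a password-change handler with and without bad-password accounting. The struct, the function names and the lockout threshold of 3 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>

#define LOCKOUT_THRESHOLD 3 /* assumed policy value, not from the advisory */

/* Simplified account record; field names are hypothetical, not Samba's. */
struct account { const char *password; unsigned bad_count; bool locked; };
enum result { CHANGE_OK, WRONG_PASSWORD, LOCKED_OUT };
typedef enum result (*change_fn)(struct account *, const char *, const char *);

/* Pre-fix behaviour as the advisory describes it: a failed old-password
 * check leaves the bad password count and the lockout flag untouched. */
enum result change_unfixed(struct account *a, const char *old_pw, const char *new_pw)
{
    if (strcmp(a->password, old_pw) != 0)
        return WRONG_PASSWORD;          /* no accounting at all */
    a->password = new_pw;
    return CHANGE_OK;
}

/* Corrected behaviour: the password-change path applies the same
 * bad-password accounting and lockout check as an ordinary logon. */
enum result change_fixed(struct account *a, const char *old_pw, const char *new_pw)
{
    if (a->locked)
        return LOCKED_OUT;              /* refuse before comparing anything */
    if (strcmp(a->password, old_pw) != 0) {
        if (++a->bad_count >= LOCKOUT_THRESHOLD)
            a->locked = true;           /* set the lockout flag */
        return WRONG_PASSWORD;
    }
    a->bad_count = 0;                   /* a correct password resets the count */
    a->password = new_pw;
    return CHANGE_OK;
}

/* Number of wrong old-password values the handler actually compares
 * before it starts refusing; equals `attempts` if it never refuses. */
unsigned guesses_compared(change_fn change, struct account *a, unsigned attempts)
{
    unsigned i;
    for (i = 0; i < attempts; i++)
        if (change(a, "wrong-guess", "unused") == LOCKED_OUT)
            break;
    return i;
}
```

With the unfixed handler every one of the attempts is compared and the account state never changes; with the fixed handler comparison stops once the threshold is reached, and even the correct password is then refused.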
SRPMS
4/core
- samba-3.6.23-1.mga4
3/core
- samba-3.6.15-1.4.mga3