
KB-2366: Does Samba security alert CVE-2012-1182 affect Centrify-enabled Samba?

Centrify DirectControl, Centrify DirectControl Plugins

12 April, 16 at 11:07 AM

Description

 

The Samba open source organization has released an update to address a vulnerability in Samba versions 3.6.3 and all previous versions.  Exploitation of this vulnerability may allow a remote attacker to use anonymous connections to execute arbitrary code with root privileges.  As noted by Network World, security organizations have rated the vulnerability as moderately critical because best use practices dictate that Samba services should be accessible only over local area networks.

 

US-CERT encourages users and administrators to review the recent Samba Security Announcement and apply any necessary updates to help mitigate the risk.

 

Release Availability

 

Centrify offers a Centrify-enhanced version of Samba that takes the pain out of deploying Samba with an installation program that automatically configures Samba for Active Directory authentication on Centrify-managed systems.  The current version of Centrify-enabled Samba includes Samba version 3.5.11.  Because of the vulnerability in this Samba version, Centrify has released a newer version of its Centrify-enabled Samba to address the security vulnerability in CVE-2012-1182.  We recommend that all users of Centrify-enabled Samba (any version) upgrade to this newer release.

 

The software can be downloaded from the Customer Download Center. Please make sure you are using the binaries that match your OS platform.

 

Upgrade Scenario

 

Upgrading from DirectControl 4.4.2 or later and Centrify-enabled Samba 4.3.1 and later

 

1.      Back up the Samba configuration (smb.conf).

2.      Check the version of Samba and DirectControl you are running.

a.       Run the smbstatus command and look for the version number after “cdc”; for example, Samba version 3.5.11-cdc-4.5.4.

b.      Run the adinfo --version command to make sure you are running DirectControl 4.4.2 or later.

3.      Upgrade the centrifydc-samba package using the commands for your platform. For example, on Red Hat, run this command:

rpm -Uvh centrifydc-samba-*.rpm

4.      Upgrade the centrifydc-adbindproxy-*.rpm package using the commands for your platform.

5.      Validate that you are running the newer version by running the smbstatus command and looking for cdc-4.5.4.

6.      Run the adbindproxy.pl script.  For example, on Red Hat, run this command:

perl /usr/share/centrifydc/bin/adbindproxy.pl

 

Upgrading from a DirectControl version earlier than 4.4.2 and Centrify-enabled Samba 4.0.2 and earlier

 

1.      Check the version of Samba and DirectControl you are running.

a.       Run the smbstatus command and look for the version number after “cdc”; for example, Samba version 3.5.11-cdc-4.5.4.

2.      Run the adinfo --version command to find out the version of DirectControl you are running.

3.      Please get in touch with the Support team if you have a lower version of DirectControl and Centrify-enabled Samba.
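
The version checks from both scenarios above, combined into one pre-upgrade script. This is an added example, not Centrify tooling. The function names, the sample version strings and the assumed shape of the adinfo --version output are constructed for illustration, and any host that does not meet the first scenario's minimums is treated as a Support case.

```shell
#!/bin/sh
# Added example: thresholds (4.4.2, 4.3.1, cdc-4.5.4) are taken from this article;
# the parsing of tool output is an assumption about its format.

# ver_ge A B: succeed when dotted version A >= B, compared field by field.
ver_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# cdc_version LINE: Centrify build from an smbstatus version line,
# e.g. "Samba version 3.5.11-cdc-4.5.4" -> "4.5.4"; empty if no "-cdc-" tag.
cdc_version() {
    printf '%s\n' "$1" | sed -n 's/.*-cdc-\([0-9][0-9.]*\).*/\1/p'
}

# dc_version TEXT: first dotted version number in the adinfo --version output.
# Assumed shape (constructed): "adinfo (CentrifyDC 4.4.2-123)".
dc_version() {
    printf '%s\n' "$1" |
        sed -n 's/[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# classify SMBSTATUS_LINE ADINFO_TEXT: print which path in the article applies.
classify() {
    samba=$(cdc_version "$1"); dc=$(dc_version "$2")
    if [ -z "$samba" ] || [ -z "$dc" ]; then echo unknown; return 0; fi
    if ver_ge "$samba" 4.5.4; then echo updated
    elif ver_ge "$dc" 4.4.2 && ver_ge "$samba" 4.3.1; then echo self-upgrade
    else echo contact-support   # below the first scenario's minimums
    fi
}

# Constructed sample input; on a real host pass the "Samba version" line from
# smbstatus and the output of adinfo --version instead.
classify "Samba version 3.5.11-cdc-4.3.1" "adinfo (CentrifyDC 4.4.2-123)"
```

A result of unknown means the Samba build carries no “cdc” tag or a version could not be read, so check the two commands by hand.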

 

If you need further help, reach out to the Centrify Support team.

 

Additional Note: Find out more about CVE-2012-1182 from the MITRE CVE dictionary and NIST NVD
