SecurityTracker.com
SecurityTracker Archives

Category:   Application (File Transfer/Sharing)  >  Samba
Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Access Data and Files, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1034950
SecurityTracker URL:  http://securitytracker.com/id/1034950
CVE Reference:   CVE-2015-5252, CVE-2015-5296, CVE-2015-5299
Date:  Feb 8 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 4.1.22, 4.2.7, 4.3.3
Description:   Multiple vulnerabilities were reported in Samba. A remote user can access data on the target system. A remote user can consume excessive CPU resources on the target system. A remote user can cause the target system to crash. A remote user can obtain files on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can send a specially crafted request to the target Samba LDAP server to consume excessive CPU resources on the target system and cause the LDAP server to become unresponsive [CVE-2015-3223]. Versions 4.0.0 through 4.3.2 are affected.

Thilo Uttendorfer of Linux Information Systems AG reported this vulnerability.

The smbd server does not properly verify symbolic links (symlinks). In certain situations, a remote user can access files located outside of the exported share path [CVE-2015-5252]. Versions 3.0.0 through 4.3.2 are affected.

Jan 'Yenya' Kasprzak and the Computer Systems Unit team at Faculty of Informatics, Masaryk University reported this vulnerability.
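The symlink issue above comes down to one property a file server must enforce: whatever a client path resolves to, after every symlink is followed, must still lie under the exported share root. The following added example (not Samba's code, and not the smbd fix) shows that containment check in its general form and exercises it against a constructed share tree with an in-share symlink, a symlink pointing outside the share, and a `..` path; the share layout, file names and the `path_is_inside_share` helper are all assumptions made for the demonstration.

```python
import os
import tempfile


def path_is_inside_share(share_root, client_path):
    """Return True only if client_path, resolved relative to share_root with
    every symbolic link followed, still lies under share_root.

    Generic containment check (an assumption for this example, not smbd's own
    logic): both sides are canonicalised with os.path.realpath so that a
    symlink planted inside the share cannot point the resolved target outside it.
    """
    root = os.path.realpath(share_root)
    target = os.path.realpath(os.path.join(root, client_path))
    return target == root or target.startswith(root + os.sep)


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: a share directory next to a file that must stay
    unreachable, with one symlink that stays inside the share and one that
    escapes it. Returns {client_path: allowed?}."""
    with tempfile.TemporaryDirectory() as d:
        share = os.path.join(d, "share")
        os.makedirs(os.path.join(share, "docs"))
        _write(os.path.join(share, "docs", "readme"), b"constructed share content")

        outside = os.path.join(d, "secret.txt")          # outside the export
        _write(outside, b"constructed data outside the share")

        # Symlink inside the share that targets a file outside it.
        os.symlink(outside, os.path.join(share, "docs", "escape"))
        # Symlink inside the share that targets a directory inside it.
        os.symlink(os.path.join(share, "docs"), os.path.join(share, "docs_link"))

        checks = ["docs/readme", "docs_link/readme", "docs/escape", "../secret.txt"]
        return {p: path_is_inside_share(share, p) for p in checks}


if __name__ == "__main__":
    for client_path, allowed in demo().items():
        print(f"{client_path:16s} -> {'allowed' if allowed else 'DENIED'}")
```

The two denied cases are the ones the advisory describes: a path that, once resolved, leaves the share, whether by a planted symlink or by plain `..` traversal. A server that only checks the lexical path (without `realpath`) would pass `docs/escape`, which is why resolution has to happen before the comparison.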

The system does not properly negotiate signing when establishing an encrypted connection. A remote user that can conduct a man-in-the-middle attack can downgrade the connection and then connect via an unsigned, unencrypted connection [CVE-2015-5296]. Versions 3.2.0 through 4.3.2 are affected.

Stefan Metzmacher of SerNet (www.sernet.com) and the Samba Team reported this vulnerability.

The vfs_shadow_copy2 module does not properly enforce access controls. A remote user without the DIRECTORY_LIST access rights can view the current snapshots [CVE-2015-5299]. Versions 3.2.0 through 4.3.2 are affected.

A remote user can send specially crafted packets to cause the LDAP server in the target Samba daemon process to return portions of heap memory [CVE-2015-5330]. Versions 4.0.0 through 4.3.2 are affected.

Douglas Bagnall of Catalyst (www.catalyst.net.nz) reported this vulnerability.

A remote authenticated non-administrative user can bypass the quota limit and create excessive accounts on the target system [CVE-2015-8467]. Versions 4.0.0 through 4.3.2 are affected.

This issue affects domain environments in which Samba and Windows Active Directory Domain Controllers coexist.

Impact:   A remote user can obtain snapshot data on the target system.

A remote user can consume excessive CPU resources on the target system and cause the target LDAP service to become unresponsive.

A remote user can cause the target system to crash.

A remote user can obtain files on the target system that are located outside of the share path.

A remote user can obtain potentially sensitive information on the target system.

Solution:   CentOS has issued a fix for CVE-2015-5252, CVE-2015-5296, and CVE-2015-5299.

i386:
72950df9a934b10dfa2ba2eda29a9c67fccd7316b23d05374cd61dc7039ee9b9 libsmbclient-3.6.23-24.el6_7.i686.rpm
b59b5e8e39e47b1fd37a4af96131f939a77c7239e4e6302b637229da4ccb310a libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
8168d1990d9c4f71d156b8f34170858c744e29ef4687e7dbc770d143ce03a290 samba-3.6.23-24.el6_7.i686.rpm
a02211862b235acef0d2b2084fc49c858070e108714c04e955a63c6a243506c1 samba-client-3.6.23-24.el6_7.i686.rpm
65f889917a29ad57c440662c81c7db17ebe11128fd951c923765aaf4bc383dbb samba-common-3.6.23-24.el6_7.i686.rpm
c95a7a0add86276140ecdea08f259fac7f453ec5397f6f7571f83d5064a11052 samba-doc-3.6.23-24.el6_7.i686.rpm
b09c308680af56796f354cfa63f596e5ab773e2a60c7fc95f7270e1c444fee49 samba-domainjoin-gui-3.6.23-24.el6_7.i686.rpm
32d473dcded297d128ba23b325326a7edf82a46e40b9728b113c9e6dc13b2fa4 samba-swat-3.6.23-24.el6_7.i686.rpm
90d48f4fac26118d9ed5dd226078f856ba39d87d936dc42bb450724048f387e0 samba-winbind-3.6.23-24.el6_7.i686.rpm
55d78111de858437a8ddca083cba76554a4482a2128a969f8cb219e6b6e5e367 samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
dc832c0984c18f4dbb6339d4228e84748bb732416242fa8eb0d26a770e44ada7 samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
bbccd04528b6dd04da648d6264acb876a930860c5e84f6a00380005be7c97ad2 samba-winbind-krb5-locator-3.6.23-24.el6_7.i686.rpm

x86_64:
72950df9a934b10dfa2ba2eda29a9c67fccd7316b23d05374cd61dc7039ee9b9 libsmbclient-3.6.23-24.el6_7.i686.rpm
94d02b91ec551ea77da38d6e909e010eabb070ae791135fd231496d237808173 libsmbclient-3.6.23-24.el6_7.x86_64.rpm
b59b5e8e39e47b1fd37a4af96131f939a77c7239e4e6302b637229da4ccb310a libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
11cab97a5279e60aab168e1040ab936bc8578098bb04523ff74f39500d2442bc libsmbclient-devel-3.6.23-24.el6_7.x86_64.rpm
3749468760897c354dfb8f3a65df18ffc2432c9ef0da15ae5a0b411cd9bba267 samba-3.6.23-24.el6_7.x86_64.rpm
60470720104f409891b492d1c00a4e913b2094de492f928b6c1eed2f9af4dddf samba-client-3.6.23-24.el6_7.x86_64.rpm
65f889917a29ad57c440662c81c7db17ebe11128fd951c923765aaf4bc383dbb samba-common-3.6.23-24.el6_7.i686.rpm
5ec7218ac132f3a9a814d97f3dd272f3f81086ce0530d050fdc0c929f9aa48ec samba-common-3.6.23-24.el6_7.x86_64.rpm
76735ae5f7f5b77dfd0f89f70707d93d7b5edb1658e4ec88b51d747462f7e72c samba-doc-3.6.23-24.el6_7.x86_64.rpm
722feb2af3beadbb86981cce302bf09c55517835193069746db623176354f1f3 samba-domainjoin-gui-3.6.23-24.el6_7.x86_64.rpm
56f6416cf829dd08c83410137c8963e9c3161544823ece16b69a0013b3a187c0 samba-glusterfs-3.6.23-24.el6_7.x86_64.rpm
df5271b196657faeb840a6a6f1532e42af7de1d32a9c6d1c7c5eded89226578b samba-swat-3.6.23-24.el6_7.x86_64.rpm
525d528e07b6b3f244f3a10611312fda99e8fbadbd52e5215e1c1330d0399226 samba-winbind-3.6.23-24.el6_7.x86_64.rpm
55d78111de858437a8ddca083cba76554a4482a2128a969f8cb219e6b6e5e367 samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
c8bc68e7487b696ad4d9f1e611881118bc3bc3169d3e48200024c1ad89be5df0 samba-winbind-clients-3.6.23-24.el6_7.x86_64.rpm
dc832c0984c18f4dbb6339d4228e84748bb732416242fa8eb0d26a770e44ada7 samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
c0f6a7c30a3a7b7389ed74fa72fba293e92c61f36f425e33043012dfd5147809 samba-winbind-devel-3.6.23-24.el6_7.x86_64.rpm
724c5b460e5f3e4157f36849b077c95ada398dc38385c76edd8b3e05a4ab34b3 samba-winbind-krb5-locator-3.6.23-24.el6_7.x86_64.rpm

Source:
777c2658d4bd5768cf217818d464423b58db611e7bc391444ba3f705a772904c samba-3.6.23-24.el6_7.src.rpm
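The package list above is given as `sha256sum Filename` pairs so that administrators can confirm that what they pulled from a mirror is the build CentOS actually signed off on. The following added example (not part of the advisory or of CentOS tooling) parses a list in that format, verifies downloaded files against it, and checks that a file name carries the fixed version-release `3.6.23-24.el6_7`; the two manifest lines it embeds are copied from the advisory, while the files, payloads and helper names in `demo()` are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# Two entries copied verbatim from the advisory's package list above.
ADVISORY_MANIFEST = """\
i386:
8168d1990d9c4f71d156b8f34170858c744e29ef4687e7dbc770d143ce03a290  samba-3.6.23-24.el6_7.i686.rpm
x86_64:
3749468760897c354dfb8f3a65df18ffc2432c9ef0da15ae5a0b411cd9bba267  samba-3.6.23-24.el6_7.x86_64.rpm
"""

FIXED_VR = "3.6.23-24.el6_7"   # version-release of the fixed CentOS 6 build

_LINE_RE = re.compile(r"^([0-9a-f]{64})\s+(\S+\.rpm)$")
# name may itself contain hyphens; version and release may not.
_NVRA_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)\.rpm$")


def parse_manifest(text):
    """Return {filename: sha256} from 'sha256sum  Filename' lines.
    Architecture headers such as 'i386:' and blank lines are skipped."""
    manifest = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            manifest[m.group(2)] = m.group(1)
    return manifest


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(manifest, directory):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for filename, expected in manifest.items():
        path = os.path.join(directory, filename)
        if not os.path.isfile(path):
            results[filename] = "missing"
        elif sha256_of(path) == expected:
            results[filename] = "ok"
        else:
            results[filename] = "mismatch"
    return results


def package_is_fixed_build(filename):
    """True if the RPM file name carries exactly the fixed version-release."""
    m = _NVRA_RE.match(filename)
    return bool(m) and f"{m.group('ver')}-{m.group('rel')}" == FIXED_VR


def demo():
    """Constructed scenario (hypothetical files, not real RPMs): one download
    matching its manifest hash, one altered in transit, one never fetched."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed rpm payload"
        with open(os.path.join(d, "samba-3.6.23-24.el6_7.x86_64.rpm"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "samba-common-3.6.23-24.el6_7.x86_64.rpm"), "wb") as f:
            f.write(b"constructed tampered payload")
        manifest = {
            "samba-3.6.23-24.el6_7.x86_64.rpm": hashlib.sha256(good).hexdigest(),
            "samba-common-3.6.23-24.el6_7.x86_64.rpm": "0" * 64,   # placeholder hash
            "samba-client-3.6.23-24.el6_7.x86_64.rpm": "1" * 64,   # placeholder hash
        }
        return verify_downloads(manifest, d)


if __name__ == "__main__":
    for name, digest in parse_manifest(ADVISORY_MANIFEST).items():
        print(f"{digest[:16]}...  {name}  fixed-build={package_is_fixed_build(name)}")
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

In practice the manifest text would be the full list from the advisory and `directory` the mirror download location; a `mismatch` means the file should be discarded and re-fetched rather than installed, and `package_is_fixed_build` is a quick sanity check that a file name (or an `rpm -q` result formatted the same way) is the patched build rather than an older `3.6.23` release.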

Cause:   Access control error, Resource error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Dec 18 2015 Samba Multiple Flaws Let Remote Users Access Data and Files, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0011 Moderate CentOS 6 samba Security Update


CentOS Errata and Security Advisory 2016:0011 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0011.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
72950df9a934b10dfa2ba2eda29a9c67fccd7316b23d05374cd61dc7039ee9b9  libsmbclient-3.6.23-24.el6_7.i686.rpm
b59b5e8e39e47b1fd37a4af96131f939a77c7239e4e6302b637229da4ccb310a  libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
8168d1990d9c4f71d156b8f34170858c744e29ef4687e7dbc770d143ce03a290  samba-3.6.23-24.el6_7.i686.rpm
a02211862b235acef0d2b2084fc49c858070e108714c04e955a63c6a243506c1  samba-client-3.6.23-24.el6_7.i686.rpm
65f889917a29ad57c440662c81c7db17ebe11128fd951c923765aaf4bc383dbb  samba-common-3.6.23-24.el6_7.i686.rpm
c95a7a0add86276140ecdea08f259fac7f453ec5397f6f7571f83d5064a11052  samba-doc-3.6.23-24.el6_7.i686.rpm
b09c308680af56796f354cfa63f596e5ab773e2a60c7fc95f7270e1c444fee49  samba-domainjoin-gui-3.6.23-24.el6_7.i686.rpm
32d473dcded297d128ba23b325326a7edf82a46e40b9728b113c9e6dc13b2fa4  samba-swat-3.6.23-24.el6_7.i686.rpm
90d48f4fac26118d9ed5dd226078f856ba39d87d936dc42bb450724048f387e0  samba-winbind-3.6.23-24.el6_7.i686.rpm
55d78111de858437a8ddca083cba76554a4482a2128a969f8cb219e6b6e5e367  samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
dc832c0984c18f4dbb6339d4228e84748bb732416242fa8eb0d26a770e44ada7  samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
bbccd04528b6dd04da648d6264acb876a930860c5e84f6a00380005be7c97ad2  samba-winbind-krb5-locator-3.6.23-24.el6_7.i686.rpm

x86_64:
72950df9a934b10dfa2ba2eda29a9c67fccd7316b23d05374cd61dc7039ee9b9  libsmbclient-3.6.23-24.el6_7.i686.rpm
94d02b91ec551ea77da38d6e909e010eabb070ae791135fd231496d237808173  libsmbclient-3.6.23-24.el6_7.x86_64.rpm
b59b5e8e39e47b1fd37a4af96131f939a77c7239e4e6302b637229da4ccb310a  libsmbclient-devel-3.6.23-24.el6_7.i686.rpm
11cab97a5279e60aab168e1040ab936bc8578098bb04523ff74f39500d2442bc  libsmbclient-devel-3.6.23-24.el6_7.x86_64.rpm
3749468760897c354dfb8f3a65df18ffc2432c9ef0da15ae5a0b411cd9bba267  samba-3.6.23-24.el6_7.x86_64.rpm
60470720104f409891b492d1c00a4e913b2094de492f928b6c1eed2f9af4dddf  samba-client-3.6.23-24.el6_7.x86_64.rpm
65f889917a29ad57c440662c81c7db17ebe11128fd951c923765aaf4bc383dbb  samba-common-3.6.23-24.el6_7.i686.rpm
5ec7218ac132f3a9a814d97f3dd272f3f81086ce0530d050fdc0c929f9aa48ec  samba-common-3.6.23-24.el6_7.x86_64.rpm
76735ae5f7f5b77dfd0f89f70707d93d7b5edb1658e4ec88b51d747462f7e72c  samba-doc-3.6.23-24.el6_7.x86_64.rpm
722feb2af3beadbb86981cce302bf09c55517835193069746db623176354f1f3  samba-domainjoin-gui-3.6.23-24.el6_7.x86_64.rpm
56f6416cf829dd08c83410137c8963e9c3161544823ece16b69a0013b3a187c0  samba-glusterfs-3.6.23-24.el6_7.x86_64.rpm
df5271b196657faeb840a6a6f1532e42af7de1d32a9c6d1c7c5eded89226578b  samba-swat-3.6.23-24.el6_7.x86_64.rpm
525d528e07b6b3f244f3a10611312fda99e8fbadbd52e5215e1c1330d0399226  samba-winbind-3.6.23-24.el6_7.x86_64.rpm
55d78111de858437a8ddca083cba76554a4482a2128a969f8cb219e6b6e5e367  samba-winbind-clients-3.6.23-24.el6_7.i686.rpm
c8bc68e7487b696ad4d9f1e611881118bc3bc3169d3e48200024c1ad89be5df0  samba-winbind-clients-3.6.23-24.el6_7.x86_64.rpm
dc832c0984c18f4dbb6339d4228e84748bb732416242fa8eb0d26a770e44ada7  samba-winbind-devel-3.6.23-24.el6_7.i686.rpm
c0f6a7c30a3a7b7389ed74fa72fba293e92c61f36f425e33043012dfd5147809  samba-winbind-devel-3.6.23-24.el6_7.x86_64.rpm
724c5b460e5f3e4157f36849b077c95ada398dc38385c76edd8b3e05a4ab34b3  samba-winbind-krb5-locator-3.6.23-24.el6_7.x86_64.rpm

Source:
777c2658d4bd5768cf217818d464423b58db611e7bc391444ba3f705a772904c  samba-3.6.23-24.el6_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2020, SecurityGlobal.net LLC