SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035533
SecurityTracker URL:  http://securitytracker.com/id/1035533
CVE Reference:   CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118   (Links to External Site)
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connection. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attacker can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPE connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   The vendor has issued a fix (4.2.11, 4.3.8, 4.4.2).

The vendor's advisories are available at:

https://www.samba.org/samba/security/CVE-2015-5370.html
https://www.samba.org/samba/security/CVE-2016-2110.html
https://www.samba.org/samba/security/CVE-2016-2111.html
https://www.samba.org/samba/security/CVE-2016-2112.html
https://www.samba.org/samba/security/CVE-2016-2113.html
https://www.samba.org/samba/security/CVE-2016-2114.html
https://www.samba.org/samba/security/CVE-2016-2115.html
https://www.samba.org/samba/security/CVE-2016-2118.html

Vendor URL:  www.samba.org/samba/security/CVE-2015-5370.html (Links to External Site)
Cause:   Access control error, Authentication error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5.6 and 5.9.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.2, 6.4, 6.5, and 6.6.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 4 Extended Lifecycle Support.
Apr 13 2016 (Red Hat Issues Fix for Red Hat Gluster Storage) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Gluster Storage for Red Hat Enterprise Linux 7.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7.1.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for samba3x for Red Hat Enterprise Linux 5.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for samba3x for Red Hat Enterprise Linux 5.6 and 5.9.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for samba4 for Red Hat Enterprise Linux 6.2, 6.4, 6.5, and 6.6.
Apr 13 2016 (Red Hat Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Apr 13 2016 (CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
CentOS has issued a fix for CentOS 6.
Apr 13 2016 (CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
CentOS has issued a fix for CentOS 7.
Apr 13 2016 (CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
CentOS has issued a fix for CentOS 5.
Apr 13 2016 (Oracle Issues Fix for Oracle Linux) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Oracle has issued a fix for Oracle Linux 6 and 7.
Apr 13 2016 (Oracle Issues Fix for Oracle Linux) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Oracle has issued a fix for Oracle Linux 6.
Apr 13 2016 (Oracle Issues Fix for Oracle Linux) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Oracle has issued a fix for samba3x for Oracle Linux 5.
Apr 13 2016 (Oracle Issues Fix for Oracle Linux) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Oracle has issued a fix for Oracle Linux 5.
Apr 13 2016 (CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
CentOS has issued a fix for samba4 for CentOS 6.
Apr 13 2016 (CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
CentOS has issued a fix for samba3x for CentOS 5.
Apr 15 2016 (HPE Issues Fix for HPE NonStop Server) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
HPE has issued a fix for HPE NonStop Server.
Apr 18 2016 (Ubuntu Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Apr 20 2016 (QNAP Systems Issues Fix for QNAP Storage Devices) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
QNAP Systems has issued a fix for QNAP Storage Devices.
Jun 3 2016 (HP Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
HP has issued a fix for HP-UX 11.31.
Jul 8 2016 (IBM Issues Fix for IBM Storwize V7000 Unified) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
IBM has issued a fix for IBM Storwize V7000 Unified.
Jul 27 2016 (IBM Issues Fix for IBM DB2) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
IBM has issued a fix for IBM DB2 LUW.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC