Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035552
SecurityTracker URL:  http://securitytracker.com/id/1035552
CVE Reference:   CVE-2015-5370, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connections. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to an LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attack can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPC connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.
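
Added example (not part of the advisory and not Samba or CentOS code): a small audit of the [global] section of an smb.conf for the signing and LDAP integrity options that the CVE-2016-2112, CVE-2016-2114 and CVE-2016-2115 entries above concern. The option names are upstream Samba smb.conf parameters; that the installed build supports them, and the sample configuration itself, are assumptions.

```python
# Values that explicitly enforce integrity protection, keyed by smb.conf option.
# Assumption: the installed Samba build recognises these upstream option names.
HARDENED = {
    "server signing": ({"mandatory", "required"}, "CVE-2016-2114"),
    "client ipc signing": ({"mandatory", "required"}, "CVE-2016-2115"),
    "ldap server require strong auth": ({"yes"}, "CVE-2016-2112"),
    "client ldap sasl wrapping": ({"sign", "seal"}, "CVE-2016-2112"),
}

def parse_global(text):
    """Return the options of the [global] section, names and values lowercased."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip().lower()
    return opts

def audit(text):
    """Map each option to (status, related CVE): ok, review, or unset."""
    opts, report = parse_global(text), {}
    for name, (hardened, cve) in HARDENED.items():
        value = opts.get(name)
        if value is None:
            report[name] = ("unset", cve)    # build default applies; check with testparm
        else:
            report[name] = ("ok" if value in hardened else "review", cve)
    return report

# Constructed sample configuration, not taken from any real host.
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    Server Signing = auto
    client ldap sasl wrapping = plain
    ldap server require strong auth = yes
[share]
    path = /srv/share
    client ipc signing = mandatory
"""

if __name__ == "__main__":
    for name, (status, cve) in audit(SAMPLE).items():
        print(f"{status:6} {name}  ({cve})")
```

An "unset" result means the build's default applies, which differs between patched and unpatched packages, so confirm the effective value with testparm after updating.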

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   CentOS has issued a fix for CVE-2015-5370, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, and CVE-2016-2118.

Cause:   Access control error, Authentication error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Apr 13 2016 Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0611 Critical CentOS 6 samba Security Update


CentOS Errata and Security Advisory 2016:0611 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0611.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce