SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035553
SecurityTracker URL:  http://securitytracker.com/id/1035553
CVE Reference:   CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118   (Links to External Site)
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connection. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attacker can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPE connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   CentOS has issued a fix.

x86_64:
44d599058a950954709e0e536a10d3d6f446c97e810a16ea4fdf24102c40e1cf ctdb-4.2.10-6.el7_2.x86_64.rpm
9af25136003489a571e631716eea854c0af17a2b5a3a6eb6f83340af9e2605d3 ctdb-devel-4.2.10-6.el7_2.i686.rpm
1aa8634aaac774d960822c0b165b73417f1d27cf5fbf8fa8508586204231d560 ctdb-devel-4.2.10-6.el7_2.x86_64.rpm
57f6dbbbe48edb0329850e65f87fd4cfae8bb7e118dabc9d24aa2ba429cc272d ctdb-tests-4.2.10-6.el7_2.x86_64.rpm
e35d646d8951874f522bfb548eb9b4e5b1cedb6c5bb190c131f75eb9d9250dca libsmbclient-4.2.10-6.el7_2.i686.rpm
2c883bb70b03eeb2a525183d886941e9651bfb6a444f1876f5fd8562d2c7fcfe libsmbclient-4.2.10-6.el7_2.x86_64.rpm
52bb7e3b31d77f3b7f987f5514f38029e2e66d6021e06ca3a4275b296eb9974a libsmbclient-devel-4.2.10-6.el7_2.i686.rpm
eadb212bd70354da839afdc35e03de6776cec7047ef8afe74639e48a53f3ff37 libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm
842633aa70c896e350ba2412d0f28d202378a684ee2eecefa8341b44c94293ef libwbclient-4.2.10-6.el7_2.i686.rpm
23189fc14e61e3b8e5fb87018049e4cf46d66f51da6b1da2cdfff21174658a6e libwbclient-4.2.10-6.el7_2.x86_64.rpm
f0570761854dd6e3a2c16250a48bd718fbaa40f94fb63900ea19d00965207e98 libwbclient-devel-4.2.10-6.el7_2.i686.rpm
789ef3f8a7cabffcae3a83aee913720d6930db9a4ffe4b11500b56d074214332 libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm
b164705d7c9d8e5f86f1c2573e5632c0742f042c98b3815767509ceb6b9432cb samba-4.2.10-6.el7_2.x86_64.rpm
81a6538d667168dc6d0233226b8d956859d096ce4b52accc78baaf757c746f57 samba-client-4.2.10-6.el7_2.x86_64.rpm
fda52485fab5af9ad480a15cdf0469d83b8b9fdfb502f3ea79939807ec25aa7a samba-client-libs-4.2.10-6.el7_2.i686.rpm
fb547aeb56e16c071be55a9f51efe84a20d4d93a430874f22b7d53254634ec14 samba-client-libs-4.2.10-6.el7_2.x86_64.rpm
8bb7982d8e15119193edc9fbfd2004eb420cfabaecb4450f2e753d3ac274b66c samba-common-4.2.10-6.el7_2.noarch.rpm
5edd9f6fbb34db7ec6998d5029ca7039a1ba97c62d6444348a8bf216c43f51eb samba-common-libs-4.2.10-6.el7_2.x86_64.rpm
6281d0f307bde0474d3938c424ed6164c82f703a8f4f3c2c0b538209b33d3434 samba-common-tools-4.2.10-6.el7_2.x86_64.rpm
4215a81595a7a95a90cbcde9d1e9b8fad16b0b9fb54e0459ebaa6675a98ba83f samba-dc-4.2.10-6.el7_2.x86_64.rpm
96da8c9264ec23428e16f982384fb0960846347513cebcee0b70706e4ca35678 samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm
01198128a51f4975cfb9348ecd674a2a311789bf737cb8e56f455c9e2a9e78e1 samba-devel-4.2.10-6.el7_2.i686.rpm
378553ddab66ef7ec9597fa58f63e3ec18b757534eb472876de88dc86a87e799 samba-devel-4.2.10-6.el7_2.x86_64.rpm
682374bd18c39aa1e5d4742570d6a553d263508ffecd6f939cc651ef4dea6ac2 samba-libs-4.2.10-6.el7_2.i686.rpm
23e7cb464aabe859859abd8f83696048c2ce0326e31ee22a48420279b0c13bf6 samba-libs-4.2.10-6.el7_2.x86_64.rpm
c42a1a2679b52991ec44b007cf4675e31d442d640864c64765a18dec5aeb3ddf samba-pidl-4.2.10-6.el7_2.noarch.rpm
b0447a378afb4d179a645a17ff3c131497a779e45911a485c1e1fda1b4656dd7 samba-python-4.2.10-6.el7_2.x86_64.rpm
4bafa13eacf1483f5528cbd79b5ce45a3872f3ef7a8ab017506b4aa912dc3751 samba-test-4.2.10-6.el7_2.x86_64.rpm
1939a026087f5f52c2197ea3a02602c9d81b7c64c2b2208c101531bcea0c9773 samba-test-devel-4.2.10-6.el7_2.x86_64.rpm
e82542136a44d906d933e8bef2e7e421d8c93f867af331b6ee65758cb87beb4d samba-test-libs-4.2.10-6.el7_2.i686.rpm
63b3dd0a23dad949390b4c3ea0094a80306beca87f107c2eb7923a8d688f5a5c samba-test-libs-4.2.10-6.el7_2.x86_64.rpm
e24cae43f5750fe77dceb72d16efd8109b32d503e2c04e5ed2c0113595318976 samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm
d46cab2d7d79d8eeb758237b6a23c19caade81b25198a08f52e216edd5c1bfea samba-winbind-4.2.10-6.el7_2.x86_64.rpm
fed433b93b1f52e1e3eb4f912aa5176423b205d4fcf567851d02e2fe0c34dcec samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm
54be865a7c815a57a33356150254433995c65fcb0e724a145fe611240dcc2d25 samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm
5dc72d4405046500b2ead6c16fd8109a4e09e0c904ca6d31d94fe10bdf999a38 samba-winbind-modules-4.2.10-6.el7_2.i686.rpm
250834c6319ebda3039e69c8496c6493f237edd768290637f0bbd00902c3b9ad samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm

Source:
f33ae4002f56e17d8cc132676bb87c1a510d8ed96143fe51a77335b43a736446 samba-4.2.10-6.el7_2.src.rpm

Cause:   Access control error, Authentication error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Apr 13 2016 Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0612 Critical CentOS 7 samba Security Update


CentOS Errata and Security Advisory 2016:0612 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0612.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
44d599058a950954709e0e536a10d3d6f446c97e810a16ea4fdf24102c40e1cf  ctdb-4.2.10-6.el7_2.x86_64.rpm
9af25136003489a571e631716eea854c0af17a2b5a3a6eb6f83340af9e2605d3  ctdb-devel-4.2.10-6.el7_2.i686.rpm
1aa8634aaac774d960822c0b165b73417f1d27cf5fbf8fa8508586204231d560  ctdb-devel-4.2.10-6.el7_2.x86_64.rpm
57f6dbbbe48edb0329850e65f87fd4cfae8bb7e118dabc9d24aa2ba429cc272d  ctdb-tests-4.2.10-6.el7_2.x86_64.rpm
e35d646d8951874f522bfb548eb9b4e5b1cedb6c5bb190c131f75eb9d9250dca  libsmbclient-4.2.10-6.el7_2.i686.rpm
2c883bb70b03eeb2a525183d886941e9651bfb6a444f1876f5fd8562d2c7fcfe  libsmbclient-4.2.10-6.el7_2.x86_64.rpm
52bb7e3b31d77f3b7f987f5514f38029e2e66d6021e06ca3a4275b296eb9974a  libsmbclient-devel-4.2.10-6.el7_2.i686.rpm
eadb212bd70354da839afdc35e03de6776cec7047ef8afe74639e48a53f3ff37  libsmbclient-devel-4.2.10-6.el7_2.x86_64.rpm
842633aa70c896e350ba2412d0f28d202378a684ee2eecefa8341b44c94293ef  libwbclient-4.2.10-6.el7_2.i686.rpm
23189fc14e61e3b8e5fb87018049e4cf46d66f51da6b1da2cdfff21174658a6e  libwbclient-4.2.10-6.el7_2.x86_64.rpm
f0570761854dd6e3a2c16250a48bd718fbaa40f94fb63900ea19d00965207e98  libwbclient-devel-4.2.10-6.el7_2.i686.rpm
789ef3f8a7cabffcae3a83aee913720d6930db9a4ffe4b11500b56d074214332  libwbclient-devel-4.2.10-6.el7_2.x86_64.rpm
b164705d7c9d8e5f86f1c2573e5632c0742f042c98b3815767509ceb6b9432cb  samba-4.2.10-6.el7_2.x86_64.rpm
81a6538d667168dc6d0233226b8d956859d096ce4b52accc78baaf757c746f57  samba-client-4.2.10-6.el7_2.x86_64.rpm
fda52485fab5af9ad480a15cdf0469d83b8b9fdfb502f3ea79939807ec25aa7a  samba-client-libs-4.2.10-6.el7_2.i686.rpm
fb547aeb56e16c071be55a9f51efe84a20d4d93a430874f22b7d53254634ec14  samba-client-libs-4.2.10-6.el7_2.x86_64.rpm
8bb7982d8e15119193edc9fbfd2004eb420cfabaecb4450f2e753d3ac274b66c  samba-common-4.2.10-6.el7_2.noarch.rpm
5edd9f6fbb34db7ec6998d5029ca7039a1ba97c62d6444348a8bf216c43f51eb  samba-common-libs-4.2.10-6.el7_2.x86_64.rpm
6281d0f307bde0474d3938c424ed6164c82f703a8f4f3c2c0b538209b33d3434  samba-common-tools-4.2.10-6.el7_2.x86_64.rpm
4215a81595a7a95a90cbcde9d1e9b8fad16b0b9fb54e0459ebaa6675a98ba83f  samba-dc-4.2.10-6.el7_2.x86_64.rpm
96da8c9264ec23428e16f982384fb0960846347513cebcee0b70706e4ca35678  samba-dc-libs-4.2.10-6.el7_2.x86_64.rpm
01198128a51f4975cfb9348ecd674a2a311789bf737cb8e56f455c9e2a9e78e1  samba-devel-4.2.10-6.el7_2.i686.rpm
378553ddab66ef7ec9597fa58f63e3ec18b757534eb472876de88dc86a87e799  samba-devel-4.2.10-6.el7_2.x86_64.rpm
682374bd18c39aa1e5d4742570d6a553d263508ffecd6f939cc651ef4dea6ac2  samba-libs-4.2.10-6.el7_2.i686.rpm
23e7cb464aabe859859abd8f83696048c2ce0326e31ee22a48420279b0c13bf6  samba-libs-4.2.10-6.el7_2.x86_64.rpm
c42a1a2679b52991ec44b007cf4675e31d442d640864c64765a18dec5aeb3ddf  samba-pidl-4.2.10-6.el7_2.noarch.rpm
b0447a378afb4d179a645a17ff3c131497a779e45911a485c1e1fda1b4656dd7  samba-python-4.2.10-6.el7_2.x86_64.rpm
4bafa13eacf1483f5528cbd79b5ce45a3872f3ef7a8ab017506b4aa912dc3751  samba-test-4.2.10-6.el7_2.x86_64.rpm
1939a026087f5f52c2197ea3a02602c9d81b7c64c2b2208c101531bcea0c9773  samba-test-devel-4.2.10-6.el7_2.x86_64.rpm
e82542136a44d906d933e8bef2e7e421d8c93f867af331b6ee65758cb87beb4d  samba-test-libs-4.2.10-6.el7_2.i686.rpm
63b3dd0a23dad949390b4c3ea0094a80306beca87f107c2eb7923a8d688f5a5c  samba-test-libs-4.2.10-6.el7_2.x86_64.rpm
e24cae43f5750fe77dceb72d16efd8109b32d503e2c04e5ed2c0113595318976  samba-vfs-glusterfs-4.2.10-6.el7_2.x86_64.rpm
d46cab2d7d79d8eeb758237b6a23c19caade81b25198a08f52e216edd5c1bfea  samba-winbind-4.2.10-6.el7_2.x86_64.rpm
fed433b93b1f52e1e3eb4f912aa5176423b205d4fcf567851d02e2fe0c34dcec  samba-winbind-clients-4.2.10-6.el7_2.x86_64.rpm
54be865a7c815a57a33356150254433995c65fcb0e724a145fe611240dcc2d25  samba-winbind-krb5-locator-4.2.10-6.el7_2.x86_64.rpm
5dc72d4405046500b2ead6c16fd8109a4e09e0c904ca6d31d94fe10bdf999a38  samba-winbind-modules-4.2.10-6.el7_2.i686.rpm
250834c6319ebda3039e69c8496c6493f237edd768290637f0bbd00902c3b9ad  samba-winbind-modules-4.2.10-6.el7_2.x86_64.rpm

Source:
f33ae4002f56e17d8cc132676bb87c1a510d8ed96143fe51a77335b43a736446  samba-4.2.10-6.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC