SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035554
SecurityTracker URL:  http://securitytracker.com/id/1035554
CVE Reference:   CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118   (Links to External Site)
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connection. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attacker can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPE connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   CentOS has issued a fix for CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, and CVE-2016-2118.

i386:
74fb292af70d0ec52ac42bba7965c4ec7dac60d99235f499e4796edd4ca7f553 libsmbclient-3.0.33-3.41.el5_11.i386.rpm
0fec71db48075157a7da5ba721a2cdbf1426f78792e123d3f57e6336ead1118d libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm
ad8a497c1fc1218911d63cf9049611df8b8aaba4fd0c06343efeba877df85cee samba-3.0.33-3.41.el5_11.i386.rpm
999c38323a89443590f950c13d710d5e599d9dd101be37ce559af18c2bf71dd6 samba-client-3.0.33-3.41.el5_11.i386.rpm
6e5bb4af1493994d31f99ddf981724d3acafcbb0a8f8ba0a7392ee4067ee19c5 samba-common-3.0.33-3.41.el5_11.i386.rpm
be67a4e293d68e13c9d85f8c37413c27fe5158043155f9f2a39ac2327d63d692 samba-swat-3.0.33-3.41.el5_11.i386.rpm

x86_64:
74fb292af70d0ec52ac42bba7965c4ec7dac60d99235f499e4796edd4ca7f553 libsmbclient-3.0.33-3.41.el5_11.i386.rpm
a1205e53d66d60f6e87610af1173c5d2e0cbe0ae77895109ce353ec51e3a1ad4 libsmbclient-3.0.33-3.41.el5_11.x86_64.rpm
0fec71db48075157a7da5ba721a2cdbf1426f78792e123d3f57e6336ead1118d libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm
a636717815cf7bad4b79d62ec8cb408ce27ee3b177c7205188979d5abbb15290 libsmbclient-devel-3.0.33-3.41.el5_11.x86_64.rpm
bc0304f2406f7af049f764cd0f59897f758fdb03b340e68e3e97d4c39233ce53 samba-3.0.33-3.41.el5_11.x86_64.rpm
19287414be649cb94b0587aca43bff5ff19dff4c19e12270993416498805938c samba-client-3.0.33-3.41.el5_11.x86_64.rpm
6e5bb4af1493994d31f99ddf981724d3acafcbb0a8f8ba0a7392ee4067ee19c5 samba-common-3.0.33-3.41.el5_11.i386.rpm
6644d789f4ad5a5d0da456095fda4b382e1cd09678316c3b5ee9cb6db7656887 samba-common-3.0.33-3.41.el5_11.x86_64.rpm
3943afa0dc2428ce7b762bfa34abf8259f50e88896110bcdc345cc81ac67c99e samba-swat-3.0.33-3.41.el5_11.x86_64.rpm

Source:
aeb54cadda0816235b444ca19762118401ac6f8bcc97004e7b80794f12212223 samba-3.0.33-3.41.el5_11.src.rpm

Cause:   Access control error, Authentication error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Apr 13 2016 Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0621 Important CentOS 5 samba Security Update


CentOS Errata and Security Advisory 2016:0621 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0621.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
74fb292af70d0ec52ac42bba7965c4ec7dac60d99235f499e4796edd4ca7f553  libsmbclient-3.0.33-3.41.el5_11.i386.rpm
0fec71db48075157a7da5ba721a2cdbf1426f78792e123d3f57e6336ead1118d  libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm
ad8a497c1fc1218911d63cf9049611df8b8aaba4fd0c06343efeba877df85cee  samba-3.0.33-3.41.el5_11.i386.rpm
999c38323a89443590f950c13d710d5e599d9dd101be37ce559af18c2bf71dd6  samba-client-3.0.33-3.41.el5_11.i386.rpm
6e5bb4af1493994d31f99ddf981724d3acafcbb0a8f8ba0a7392ee4067ee19c5  samba-common-3.0.33-3.41.el5_11.i386.rpm
be67a4e293d68e13c9d85f8c37413c27fe5158043155f9f2a39ac2327d63d692  samba-swat-3.0.33-3.41.el5_11.i386.rpm

x86_64:
74fb292af70d0ec52ac42bba7965c4ec7dac60d99235f499e4796edd4ca7f553  libsmbclient-3.0.33-3.41.el5_11.i386.rpm
a1205e53d66d60f6e87610af1173c5d2e0cbe0ae77895109ce353ec51e3a1ad4  libsmbclient-3.0.33-3.41.el5_11.x86_64.rpm
0fec71db48075157a7da5ba721a2cdbf1426f78792e123d3f57e6336ead1118d  libsmbclient-devel-3.0.33-3.41.el5_11.i386.rpm
a636717815cf7bad4b79d62ec8cb408ce27ee3b177c7205188979d5abbb15290  libsmbclient-devel-3.0.33-3.41.el5_11.x86_64.rpm
bc0304f2406f7af049f764cd0f59897f758fdb03b340e68e3e97d4c39233ce53  samba-3.0.33-3.41.el5_11.x86_64.rpm
19287414be649cb94b0587aca43bff5ff19dff4c19e12270993416498805938c  samba-client-3.0.33-3.41.el5_11.x86_64.rpm
6e5bb4af1493994d31f99ddf981724d3acafcbb0a8f8ba0a7392ee4067ee19c5  samba-common-3.0.33-3.41.el5_11.i386.rpm
6644d789f4ad5a5d0da456095fda4b382e1cd09678316c3b5ee9cb6db7656887  samba-common-3.0.33-3.41.el5_11.x86_64.rpm
3943afa0dc2428ce7b762bfa34abf8259f50e88896110bcdc345cc81ac67c99e  samba-swat-3.0.33-3.41.el5_11.x86_64.rpm

Source:
aeb54cadda0816235b444ca19762118401ac6f8bcc97004e7b80794f12212223  samba-3.0.33-3.41.el5_11.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC