SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035561
SecurityTracker URL:  http://securitytracker.com/id/1035561
CVE Reference:   CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118   (Links to External Site)
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connection. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attacker can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPE connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   CentOS has issued a fix for samba4.

i386:
cb0d380fd2cbbb7a1dd98c7c24c04e53535f1de876670aed47c09a7dbe972dc4 samba4-4.2.10-6.el6_7.i686.rpm
e0cc3aa0351f485077a546fb17f0721fce47ecc432c9f0d8dc783802dc0e54b9 samba4-client-4.2.10-6.el6_7.i686.rpm
484d2fc878e63b406084f014c08a1f1519a0c47329226216df3e380f4c1bcdc6 samba4-common-4.2.10-6.el6_7.i686.rpm
f71ac4c60403a778d20b5ce570ff63a69045357d18cb72b65e859974b6670c0d samba4-dc-4.2.10-6.el6_7.i686.rpm
cdbe500b06afffba245efbae84c98aa3b7f87c28ba7522176e12c889a9b979c0 samba4-dc-libs-4.2.10-6.el6_7.i686.rpm
742f7133de530b2a787ae32f8525589dcf0b9211e651963a83ca59409b8c9f18 samba4-devel-4.2.10-6.el6_7.i686.rpm
cc3e8a29b057afeae2e6e1eaa4a5b20bd9cbe962e0212ebe56149b6e57f0a6be samba4-libs-4.2.10-6.el6_7.i686.rpm
f53e66021e625c14a4b4870991a052c201ff1c6e24350e8e362981d328ef7589 samba4-pidl-4.2.10-6.el6_7.i686.rpm
7243eb6870e1fbb31f80fd11e542917a4c32352e0bf79821d1f76a9a9ff4d88c samba4-python-4.2.10-6.el6_7.i686.rpm
633005f712d429e2e1a3512a1923b3657fbcbe9974c7ef4b9f5b0db86ad8e539 samba4-test-4.2.10-6.el6_7.i686.rpm
5ae08b81fc54aea8a92dda1f482816b17790e654ef49d5c44c070e4fc274280a samba4-winbind-4.2.10-6.el6_7.i686.rpm
348d0aced5af12c6f763dacd43bfa7afe866edacb6ac9b444fea655156c5e393 samba4-winbind-clients-4.2.10-6.el6_7.i686.rpm
2eb927a393744962396ae1144d9b48089f8a81ef674e0a20822ba944de09292a samba4-winbind-krb5-locator-4.2.10-6.el6_7.i686.rpm

x86_64:
2574b2a829546d0943e7f714c331d287a0d383be982cf9d484e35dcfe936a01d samba4-4.2.10-6.el6_7.x86_64.rpm
8850a5432173d305f3aaa3be165b5f1d980ea5ea698cbcd44a05fcccae950db8 samba4-client-4.2.10-6.el6_7.x86_64.rpm
f506e7a14650fe9e0f4b11078a1476c02ddf4a90e2ddd12729921812f7a411d1 samba4-common-4.2.10-6.el6_7.x86_64.rpm
733954eebcb3eb6e31cf0ca12dedd28b2eec903e83af5d0ba5df768c37ceef8c samba4-dc-4.2.10-6.el6_7.x86_64.rpm
734aa4e824430e3f021d66c6ea5650ed6de4ba5ad4b3bd2b94974d3a8a174edd samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm
64528bc0b3f4ee0617e184d0cf960a312e31c293000adfd2c5798ee3356b7188 samba4-devel-4.2.10-6.el6_7.x86_64.rpm
259987975181494533e191b3ad0d6d7ca71e6dc3f5b59b5a2db90b769c18db6f samba4-libs-4.2.10-6.el6_7.x86_64.rpm
a532c3ec70bb103242e746deb6c759331f54d98d8dc2980514771cba8c90188b samba4-pidl-4.2.10-6.el6_7.x86_64.rpm
3609ddee926779281e616417b1ec5633a740e6513f612317f308577b00d67be1 samba4-python-4.2.10-6.el6_7.x86_64.rpm
912c8b7faacccbd648e393b1d278864e365b0caeded158798d1d0232aa573de3 samba4-test-4.2.10-6.el6_7.x86_64.rpm
a7662ba6ad6359cebcf0508439dab6a3be4b345765898458bf29e83b4572edff samba4-winbind-4.2.10-6.el6_7.x86_64.rpm
5b2d2d92258778b15adaeec89781db8c433927f79ff607b940a58bc327153ab1 samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm
2f71281c9403cfb77d966457b91a6117140c400946e80df3afd730a2da73542c samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm

Source:
bc3dd71c924969dd32bb2dff3af0c1b73c720db05803ffef692d4b52add4e946 samba4-4.2.10-6.el6_7.src.rpm

Cause:   Access control error, Authentication error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Apr 13 2016 Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0612 Critical CentOS 6 samba4 Security Update


CentOS Errata and Security Advisory 2016:0612 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0612.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
cb0d380fd2cbbb7a1dd98c7c24c04e53535f1de876670aed47c09a7dbe972dc4  samba4-4.2.10-6.el6_7.i686.rpm
e0cc3aa0351f485077a546fb17f0721fce47ecc432c9f0d8dc783802dc0e54b9  samba4-client-4.2.10-6.el6_7.i686.rpm
484d2fc878e63b406084f014c08a1f1519a0c47329226216df3e380f4c1bcdc6  samba4-common-4.2.10-6.el6_7.i686.rpm
f71ac4c60403a778d20b5ce570ff63a69045357d18cb72b65e859974b6670c0d  samba4-dc-4.2.10-6.el6_7.i686.rpm
cdbe500b06afffba245efbae84c98aa3b7f87c28ba7522176e12c889a9b979c0  samba4-dc-libs-4.2.10-6.el6_7.i686.rpm
742f7133de530b2a787ae32f8525589dcf0b9211e651963a83ca59409b8c9f18  samba4-devel-4.2.10-6.el6_7.i686.rpm
cc3e8a29b057afeae2e6e1eaa4a5b20bd9cbe962e0212ebe56149b6e57f0a6be  samba4-libs-4.2.10-6.el6_7.i686.rpm
f53e66021e625c14a4b4870991a052c201ff1c6e24350e8e362981d328ef7589  samba4-pidl-4.2.10-6.el6_7.i686.rpm
7243eb6870e1fbb31f80fd11e542917a4c32352e0bf79821d1f76a9a9ff4d88c  samba4-python-4.2.10-6.el6_7.i686.rpm
633005f712d429e2e1a3512a1923b3657fbcbe9974c7ef4b9f5b0db86ad8e539  samba4-test-4.2.10-6.el6_7.i686.rpm
5ae08b81fc54aea8a92dda1f482816b17790e654ef49d5c44c070e4fc274280a  samba4-winbind-4.2.10-6.el6_7.i686.rpm
348d0aced5af12c6f763dacd43bfa7afe866edacb6ac9b444fea655156c5e393  samba4-winbind-clients-4.2.10-6.el6_7.i686.rpm
2eb927a393744962396ae1144d9b48089f8a81ef674e0a20822ba944de09292a  samba4-winbind-krb5-locator-4.2.10-6.el6_7.i686.rpm

x86_64:
2574b2a829546d0943e7f714c331d287a0d383be982cf9d484e35dcfe936a01d  samba4-4.2.10-6.el6_7.x86_64.rpm
8850a5432173d305f3aaa3be165b5f1d980ea5ea698cbcd44a05fcccae950db8  samba4-client-4.2.10-6.el6_7.x86_64.rpm
f506e7a14650fe9e0f4b11078a1476c02ddf4a90e2ddd12729921812f7a411d1  samba4-common-4.2.10-6.el6_7.x86_64.rpm
733954eebcb3eb6e31cf0ca12dedd28b2eec903e83af5d0ba5df768c37ceef8c  samba4-dc-4.2.10-6.el6_7.x86_64.rpm
734aa4e824430e3f021d66c6ea5650ed6de4ba5ad4b3bd2b94974d3a8a174edd  samba4-dc-libs-4.2.10-6.el6_7.x86_64.rpm
64528bc0b3f4ee0617e184d0cf960a312e31c293000adfd2c5798ee3356b7188  samba4-devel-4.2.10-6.el6_7.x86_64.rpm
259987975181494533e191b3ad0d6d7ca71e6dc3f5b59b5a2db90b769c18db6f  samba4-libs-4.2.10-6.el6_7.x86_64.rpm
a532c3ec70bb103242e746deb6c759331f54d98d8dc2980514771cba8c90188b  samba4-pidl-4.2.10-6.el6_7.x86_64.rpm
3609ddee926779281e616417b1ec5633a740e6513f612317f308577b00d67be1  samba4-python-4.2.10-6.el6_7.x86_64.rpm
912c8b7faacccbd648e393b1d278864e365b0caeded158798d1d0232aa573de3  samba4-test-4.2.10-6.el6_7.x86_64.rpm
a7662ba6ad6359cebcf0508439dab6a3be4b345765898458bf29e83b4572edff  samba4-winbind-4.2.10-6.el6_7.x86_64.rpm
5b2d2d92258778b15adaeec89781db8c433927f79ff607b940a58bc327153ab1  samba4-winbind-clients-4.2.10-6.el6_7.x86_64.rpm
2f71281c9403cfb77d966457b91a6117140c400946e80df3afd730a2da73542c  samba4-winbind-krb5-locator-4.2.10-6.el6_7.x86_64.rpm

Source:
bc3dd71c924969dd32bb2dff3af0c1b73c720db05803ffef692d4b52add4e946  samba4-4.2.10-6.el6_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC