SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Samba Vendors:   Samba.org
(CentOS Issues Fix) Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service
SecurityTracker Alert ID:  1035563
SecurityTracker URL:  http://securitytracker.com/id/1035563
CVE Reference:   CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118   (Links to External Site)
Date:  Apr 13 2016
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 to 4.4.0
Description:   Multiple vulnerabilities were reported in Samba. A remote user can cause denial of service conditions on the target system. A remote user can hijack connection. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can exploit a missing error check in dcesrv_auth_bind_ack() in the DCE/RPC protocol implementation to cause excessive CPU consumption on the target system or cause the target service to crash or execute arbitrary code [CVE-2015-5370]. Versions 3.6.0 to 4.4.0 are affected.

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can hijack the target connection [CVE-2016-2110].

The NTLMSSP implementation is not protected against downgrading. A remote user that can conduct a man-in-the-middle attack can spoof a system name to a Domain Controller and obtain session-related information about the spoofed system [CVE-2016-2111].

The LDAP implementation does not enforce integrity protection for LDAP connections. A remote user that can conduct a man-in-the-middle attack can downgrade the target LDAP connection to use no integrity protection and gain access to the connection [CVE-2016-2112].

A remote user that can conduct a man-in-the-middle attack can gain access to LDAP connection [CVE-2016-2113]. Versions 4.0.0 to 4.4.0 are affected.

The system does not enforce the mandatory server signing configuration setting. As a result, a remote user can conduct a man-in-the-middle attack to hijack SMB1 connections [CVE-2016-2114]. Versions 4.0.0 to 4.4.0 are affected.

The IPC implementation does not enforce integrity protection by default. A remote user that can conduct a man-in-the-middle attacker can view and modify data sent via the IPC connection [CVE-2016-2115].

A remote user that can conduct a man-in-the-middle attack against DCE/RPE connections can impersonate the target user against the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD) implementations to obtain read/write access to the target Security Account Manager database [CVE-2016-2118]. This can be exploited to obtain passwords in the database. Versions 3.6.0 to 4.4.0 are affected.

[Editor's note: Microsoft Windows is also affected by this vulnerability, as described in CVE-2016-0128 (Alert ID 1035534). This vulnerability is known as "Badlock".]

Jouni Knuutinen of Synopsys reported the dcesrv_auth_bind_ack() vulnerability. Stefan Metzmacher of SerNet (https://samba.plus) reported the other vulnerabilities.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

A remote user can hijack connections.

Solution:   CentOS has issued a fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, and CVE-2016-2118 for samba3x.

i386:
97abe93620070c6e6899f325cce8365c734dc2b5f22ce0856b1d35d690d7923d samba3x-3.6.23-12.el5_11.i386.rpm
fdac44017c9f0892270f6876d3b973dc2637fc780efe807414a7ee781ce42565 samba3x-client-3.6.23-12.el5_11.i386.rpm
a51c47be8790e10952d72b2d854f6535d61a200af1682106bdf95192ef30d5cf samba3x-common-3.6.23-12.el5_11.i386.rpm
53b41e7adf3cf469afe3610cbfe1574a5d87f098ae14c4ee66b616865956c55f samba3x-doc-3.6.23-12.el5_11.i386.rpm
55b7a510b70fd4df22be7e53687150021d3538554531290a9d6c355112b3c92f samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm
e0f8ab73a4a84bb3244340eb51d331bfe4a033e4017f31aa789b00521de2180a samba3x-swat-3.6.23-12.el5_11.i386.rpm
bc2d6815e9a2cd7e324f08f077f525b3519c4b535a309154428814b00041b033 samba3x-winbind-3.6.23-12.el5_11.i386.rpm
da57fabb30e15c0f64f8f00923f74ab22e485c905515220a1e22e6879cfb07b0 samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm

x86_64:
9992e356a19eec855fcc864d96908952f818a6ee851c3ed8db3787f0613b3f70 samba3x-3.6.23-12.el5_11.x86_64.rpm
927b2d29e03b78bfc2e4abe5849ac5d9323a7b6c4e894eea64564613ba61d9bf samba3x-client-3.6.23-12.el5_11.x86_64.rpm
b03f6c485c117cd1f044d260dfd2c1b6b5833fdcbae5f4709871d31912984f31 samba3x-common-3.6.23-12.el5_11.x86_64.rpm
161cf0a14693651fb5682daef2ca9998bb0aad05640802675e957e2f5c7c3623 samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
3caf2d9e7e9d176241ea30c342c952ed2150b212295bdab29e174e49a2dc2bd5 samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
2705dd0d6d748638a1409ecd75cad75a7e0773d0a5a897d822f1105fe4cbb4c0 samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
bc2d6815e9a2cd7e324f08f077f525b3519c4b535a309154428814b00041b033 samba3x-winbind-3.6.23-12.el5_11.i386.rpm
2868a68f8049e64fba8d3cd2f43a28c1e1263e68e1a7985047582c63c85aea31 samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm
da57fabb30e15c0f64f8f00923f74ab22e485c905515220a1e22e6879cfb07b0 samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
01d3314e89baab6cb80f2449170c0b2da15b4ef4a100958e4b68955c0491397f samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm

Source:
17905de0e48950e5ac76d1a233401bf457b3c8062fbe47cd0a4e4ca2bb970b87 samba3x-3.6.23-12.el5_11.src.rpm

Cause:   Access control error, Authentication error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Apr 13 2016 Samba Multiple Flaws Let Remote Users Hijack Connections, Obtain Potentially Sensitive Information, and Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0613 Critical CentOS 5 samba3x Security Update


CentOS Errata and Security Advisory 2016:0613 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0613.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
97abe93620070c6e6899f325cce8365c734dc2b5f22ce0856b1d35d690d7923d  samba3x-3.6.23-12.el5_11.i386.rpm
fdac44017c9f0892270f6876d3b973dc2637fc780efe807414a7ee781ce42565  samba3x-client-3.6.23-12.el5_11.i386.rpm
a51c47be8790e10952d72b2d854f6535d61a200af1682106bdf95192ef30d5cf  samba3x-common-3.6.23-12.el5_11.i386.rpm
53b41e7adf3cf469afe3610cbfe1574a5d87f098ae14c4ee66b616865956c55f  samba3x-doc-3.6.23-12.el5_11.i386.rpm
55b7a510b70fd4df22be7e53687150021d3538554531290a9d6c355112b3c92f  samba3x-domainjoin-gui-3.6.23-12.el5_11.i386.rpm
e0f8ab73a4a84bb3244340eb51d331bfe4a033e4017f31aa789b00521de2180a  samba3x-swat-3.6.23-12.el5_11.i386.rpm
bc2d6815e9a2cd7e324f08f077f525b3519c4b535a309154428814b00041b033  samba3x-winbind-3.6.23-12.el5_11.i386.rpm
da57fabb30e15c0f64f8f00923f74ab22e485c905515220a1e22e6879cfb07b0  samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm

x86_64:
9992e356a19eec855fcc864d96908952f818a6ee851c3ed8db3787f0613b3f70  samba3x-3.6.23-12.el5_11.x86_64.rpm
927b2d29e03b78bfc2e4abe5849ac5d9323a7b6c4e894eea64564613ba61d9bf  samba3x-client-3.6.23-12.el5_11.x86_64.rpm
b03f6c485c117cd1f044d260dfd2c1b6b5833fdcbae5f4709871d31912984f31  samba3x-common-3.6.23-12.el5_11.x86_64.rpm
161cf0a14693651fb5682daef2ca9998bb0aad05640802675e957e2f5c7c3623  samba3x-doc-3.6.23-12.el5_11.x86_64.rpm
3caf2d9e7e9d176241ea30c342c952ed2150b212295bdab29e174e49a2dc2bd5  samba3x-domainjoin-gui-3.6.23-12.el5_11.x86_64.rpm
2705dd0d6d748638a1409ecd75cad75a7e0773d0a5a897d822f1105fe4cbb4c0  samba3x-swat-3.6.23-12.el5_11.x86_64.rpm
bc2d6815e9a2cd7e324f08f077f525b3519c4b535a309154428814b00041b033  samba3x-winbind-3.6.23-12.el5_11.i386.rpm
2868a68f8049e64fba8d3cd2f43a28c1e1263e68e1a7985047582c63c85aea31  samba3x-winbind-3.6.23-12.el5_11.x86_64.rpm
da57fabb30e15c0f64f8f00923f74ab22e485c905515220a1e22e6879cfb07b0  samba3x-winbind-devel-3.6.23-12.el5_11.i386.rpm
01d3314e89baab6cb80f2449170c0b2da15b4ef4a100958e4b68955c0491397f  samba3x-winbind-devel-3.6.23-12.el5_11.x86_64.rpm

Source:
17905de0e48950e5ac76d1a233401bf457b3c8062fbe47cd0a4e4ca2bb970b87  samba3x-3.6.23-12.el5_11.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC