SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Samba
Vendors:   Samba.org
(CentOS Issues Fix) Samba Lets Remote Users Downgrade SMB Signing Security Protections on the Target System
SecurityTracker Alert ID:  1036452
SecurityTracker URL:  http://securitytracker.com/id/1036452
CVE Reference:   CVE-2016-2119
Date:  Jul 27 2016
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.0 to 4.4.4
Description:   A vulnerability was reported in Samba. A remote user can downgrade client signing security controls on the target system.

A remote user that can conduct a man-in-the-middle attack can inject the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags to downgrade the client's configuration-required signing protections for SMB2 or SMB3 client connections and impersonate the target server.

Clients that are configured to use SMB signing are affected.

Management tools (e.g., net, samba-tool, rpcclient) that use DCERPC over SMB2/3 connections are also affected.
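
The client-side rule the description implies, as an added example (not Samba's code and not the CentOS patch): when local configuration requires signing, a final SESSION_SETUP response carrying the guest or null session flag is rejected instead of being allowed to switch signing off. The names check_session_setup and build_sample are hypothetical, and the sample response is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets and flag values follow MS-SMB2. */
#define SMB2_HDR_LEN               64
#define SMB2_OP_SESSION_SETUP      0x0001
#define SMB2_FLAGS_SIGNED          0x00000008u
#define SMB2_SESSION_FLAG_IS_GUEST 0x0001
#define SMB2_SESSION_FLAG_IS_NULL  0x0002
enum verdict { SESSION_OK, SESSION_REJECT, SESSION_UNEXPECTED };

static uint32_t le(const uint8_t *p, int n) {   /* read n-byte little-endian */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Hypothetical policy check; only a final (Status == 0) SESSION_SETUP
   response is in scope, anything else is SESSION_UNEXPECTED. */
enum verdict check_session_setup(const uint8_t *pdu, size_t len, int signing_required) {
    if (len < SMB2_HDR_LEN + 8 || memcmp(pdu, "\xfeSMB", 4) != 0 ||
        le(pdu + 12, 2) != SMB2_OP_SESSION_SETUP || le(pdu + 8, 4) != 0)
        return SESSION_UNEXPECTED;
    uint32_t session_flags = le(pdu + SMB2_HDR_LEN + 2, 2);
    if (!signing_required) return SESSION_OK;
    /* Guest and null sessions have no signing key, so these flags must never
       silently disable signing that local configuration demands. */
    if (session_flags & (SMB2_SESSION_FLAG_IS_GUEST | SMB2_SESSION_FLAG_IS_NULL))
        return SESSION_REJECT;
    /* The response must be flagged as signed; verifying the signature with
       the session key is the caller's next step and is not shown here. */
    return (le(pdu + 16, 4) & SMB2_FLAGS_SIGNED) ? SESSION_OK : SESSION_REJECT;
}

/* Constructed sample response; only the fields the check reads are filled in. */
size_t build_sample(uint8_t *buf, uint32_t hdr_flags, uint16_t session_flags) {
    memset(buf, 0, SMB2_HDR_LEN + 8);
    memcpy(buf, "\xfeSMB", 4);                       /* ProtocolId */
    buf[12] = SMB2_OP_SESSION_SETUP;                 /* Command */
    buf[16] = (uint8_t)hdr_flags;                    /* header Flags, low byte */
    buf[SMB2_HDR_LEN + 2] = (uint8_t)session_flags;  /* SessionFlags, low byte */
    return SMB2_HDR_LEN + 8;
}

int main(void) {
    uint8_t b[SMB2_HDR_LEN + 8];
    size_t n = build_sample(b, 0, SMB2_SESSION_FLAG_IS_GUEST);
    printf("signing required, guest flag set: verdict %d\n", check_session_setup(b, n, 1));
    return 0;
}
```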

Stefan Metzmacher of SerNet (https://samba.plus) and the Samba Team (https://www.samba.org) reported this vulnerability.

Impact:   A remote user that can conduct a man-in-the-middle attack can downgrade client signing security controls on the target system.
Solution:   CentOS has issued a fix.

Cause:   State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jul 7 2016 Samba Lets Remote Users Downgrade SMB Signing Security Protections on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1486 Moderate CentOS 7 samba Security Update


CentOS Errata and Security Advisory 2016:1486 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1486.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
