Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703548
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3548-1 (samba - security update)
Summary:Several vulnerabilities have been;discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common;Vulnerabilities and Exposures project identifies the following issues:;;CVE-2015-5370;Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC;code which can lead to denial of service (crashes and high cpu;consumption) and man-in-the-middle attacks.;;CVE-2016-2110;Stefan Metzmacher of SerNet and the Samba Team discovered that the;feature negotiation of NTLMSSP does not protect against downgrade;attacks.;;CVE-2016-2111When Samba is configured as domain controller, it allows remote;attackers to spoof the computer name of a secure channel's endpoint,;and obtain sensitive session information. This flaw corresponds to;the same vulnerability as CVE-2015-0005;for Windows, discovered by;Alberto Solino from Core Security.;;CVE-2016-2112;Stefan Metzmacher of SerNet and the Samba Team discovered that a;man-in-the-middle attacker can downgrade LDAP connections to avoid;integrity protection.;;CVE-2016-2113;Stefan Metzmacher of SerNet and the Samba Team discovered that;man-in-the-middle attacks are possible for client triggered LDAP;connections and ncacn_http connections.;;CVE-2016-2114;Stefan Metzmacher of SerNet and the Samba Team discovered that Samba;does not enforce required smb signing even if explicitly configured.;;CVE-2016-2115;Stefan Metzmacher of SerNet and the Samba Team discovered that SMB;connections for IPC traffic are not integrity-protected.;;CVE-2016-2118;Stefan Metzmacher of SerNet and the Samba Team discovered that a;man-in-the-middle attacker can intercept any DCERPC traffic between;a client and a server in order to impersonate the client and obtain;the same privileges as the authenticated user account.
Description:Summary:
Several vulnerabilities have been
discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common
Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-5370
Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC
code which can lead to denial of service (crashes and high cpu
consumption) and man-in-the-middle attacks.

CVE-2016-2110
Stefan Metzmacher of SerNet and the Samba Team discovered that the
feature negotiation of NTLMSSP does not protect against downgrade
attacks.

CVE-2016-2111When Samba is configured as domain controller, it allows remote
attackers to spoof the computer name of a secure channel's endpoint,
and obtain sensitive session information. This flaw corresponds to
the same vulnerability as CVE-2015-0005
for Windows, discovered by
Alberto Solino from Core Security.

CVE-2016-2112
Stefan Metzmacher of SerNet and the Samba Team discovered that a
man-in-the-middle attacker can downgrade LDAP connections to avoid
integrity protection.

CVE-2016-2113
Stefan Metzmacher of SerNet and the Samba Team discovered that
man-in-the-middle attacks are possible for client triggered LDAP
connections and ncacn_http connections.

CVE-2016-2114
Stefan Metzmacher of SerNet and the Samba Team discovered that Samba
does not enforce required smb signing even if explicitly configured.

CVE-2016-2115
Stefan Metzmacher of SerNet and the Samba Team discovered that SMB
connections for IPC traffic are not integrity-protected.

CVE-2016-2118
Stefan Metzmacher of SerNet and the Samba Team discovered that a
man-in-the-middle attacker can intercept any DCERPC traffic between
a client and a server in order to impersonate the client and obtain
the same privileges as the authenticated user account.

Affected Software/OS:
samba on Debian Linux

Solution:
For the oldstable distribution (wheezy),
these problems have been fixed in version 2:3.6.6-6+deb7u9. The oldstable distribution
is not affected by CVE-2016-2113 and CVE-2016-2114
.

For the stable distribution (jessie), these problems have been fixed in
version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading
to the new upstream version 4.2.10, which includes additional changes
and bugfixes. The depending libraries ldb, talloc, tdb and tevent
required as well an update to new upstream versions for this update.

For the unstable distribution (sid), these problems have been fixed in
version 2:4.3.7+dfsg-1.

Please
for further details (in particular for new options and defaults).

We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),
Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)
for the massive backporting work required to support Samba 3.6 and Samba
4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent
for their help in preparing updates of Samba and the underlying
infrastructure libraries.

We recommend that you upgrade your samba packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0005
http://seclists.org/fulldisclosure/2015/Mar/60
http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html
http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
Microsoft Security Bulletin: MS15-027
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027
http://www.securitytracker.com/id/1031891
Common Vulnerability Exposure (CVE) ID: CVE-2015-5370
Debian Security Information: DSA-3548 (Google Search)
http://www.debian.org/security/2016/dsa-3548
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html
http://badlock.org/
RedHat Security Advisories: RHSA-2016:0611
http://rhn.redhat.com/errata/RHSA-2016-0611.html
RedHat Security Advisories: RHSA-2016:0612
http://rhn.redhat.com/errata/RHSA-2016-0612.html
RedHat Security Advisories: RHSA-2016:0613
http://rhn.redhat.com/errata/RHSA-2016-0613.html
RedHat Security Advisories: RHSA-2016:0614
http://rhn.redhat.com/errata/RHSA-2016-0614.html
RedHat Security Advisories: RHSA-2016:0618
http://rhn.redhat.com/errata/RHSA-2016-0618.html
RedHat Security Advisories: RHSA-2016:0619
http://rhn.redhat.com/errata/RHSA-2016-0619.html
RedHat Security Advisories: RHSA-2016:0620
http://rhn.redhat.com/errata/RHSA-2016-0620.html
RedHat Security Advisories: RHSA-2016:0624
http://rhn.redhat.com/errata/RHSA-2016-0624.html
http://www.securitytracker.com/id/1035533
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012
SuSE Security Announcement: SUSE-SU-2016:1022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html
SuSE Security Announcement: SUSE-SU-2016:1024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html
SuSE Security Announcement: SUSE-SU-2016:1028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html
SuSE Security Announcement: openSUSE-SU-2016:1025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:1064 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:1106 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
SuSE Security Announcement: openSUSE-SU-2016:1107 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
http://www.ubuntu.com/usn/USN-2950-1
http://www.ubuntu.com/usn/USN-2950-2
http://www.ubuntu.com/usn/USN-2950-3
http://www.ubuntu.com/usn/USN-2950-4
http://www.ubuntu.com/usn/USN-2950-5
Common Vulnerability Exposure (CVE) ID: CVE-2016-2110
https://security.gentoo.org/glsa/201612-47
RedHat Security Advisories: RHSA-2016:0621
http://rhn.redhat.com/errata/RHSA-2016-0621.html
RedHat Security Advisories: RHSA-2016:0623
http://rhn.redhat.com/errata/RHSA-2016-0623.html
RedHat Security Advisories: RHSA-2016:0625
http://rhn.redhat.com/errata/RHSA-2016-0625.html
SuSE Security Announcement: SUSE-SU-2016:1105 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html
SuSE Security Announcement: openSUSE-SU-2016:1440 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00124.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-2111
Common Vulnerability Exposure (CVE) ID: CVE-2016-2112
Common Vulnerability Exposure (CVE) ID: CVE-2016-2113
Common Vulnerability Exposure (CVE) ID: CVE-2016-2114
BugTraq ID: 86011
http://www.securityfocus.com/bid/86011
Common Vulnerability Exposure (CVE) ID: CVE-2016-2115
Common Vulnerability Exposure (CVE) ID: CVE-2016-2118
BugTraq ID: 86002
http://www.securityfocus.com/bid/86002
CERT/CC vulnerability note: VU#813296
https://www.kb.cert.org/vuls/id/813296
CopyrightCopyright (c) 2016 Greenbone Networks GmbH http://greenbone.net

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.