Alpine: libsmbclient, pam-winbind, multiple samba packages: security update to 4.2.3-r3 (deprecated)

High | Tenable Self-Hosted Container Security | Plugin ID 401092

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before
4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges
during creation of machine accounts, which allows remote authenticated users to bypass intended access
restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar
issue to CVE-2015-2535. (CVE-2015-8467)

- The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in
Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which
allows remote attackers to cause a denial of service (infinite loop) via crafted packets. (CVE-2015-3223)

- vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share
names with certain substring relationships exist, allows remote attackers to bypass intended file-access
restrictions via a symlink that points outside of a share. (CVE-2015-5252)

- Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are
encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted
downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and
smbXcli_base.c. (CVE-2015-5296)

- The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before
4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right
has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
(CVE-2015-5299)

See Also

https://git.alpinelinux.org/aports/commit/?id=47affed1795cc5ca4cdd4625ea53ba85513f0636

https://git.alpinelinux.org/aports/commit/?id=9c474c6aa6af26b79394ed47f17a04d5b29e5026

Plugin Details

Severity: High

ID: 401092

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2015-8467

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/27/2016

Vulnerability Publication Date: 12/16/2015

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-8467

BID: 79729, 79731, 79732, 79733, 79734, 79735

IAVA: 2016-A-0002-S