Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : samba vulnerabilities (USN-2855-1)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Thilo Uttendorfer discovered that the Samba LDAP server incorrectly
handled certain packets. A remote attacker could use this issue to
cause the LDAP server to stop responding, resulting in a denial of
service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and
Ubuntu 15.10. (CVE-2015-3223)

Jan Kasprzak discovered that Samba incorrectly handled certain
symlinks. A remote attacker could use this issue to access files
outside the exported share path. (CVE-2015-5252)

Stefan Metzmacher discovered that Samba did not enforce signing when
creating encrypted connections. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information. (CVE-2015-5296)

It was discovered that Samba incorrectly performed access control when
using the VFS shadow_copy2 module. A remote attacker could use this
issue to access snapshots, contrary to intended permissions.
(CVE-2015-5299)

Douglas Bagnall discovered that Samba incorrectly handled certain
string lengths. A remote attacker could use this issue to possibly
access sensitive information. (CVE-2015-5330)

It was discovered that the Samba LDAP server incorrectly handled
certain packets. A remote attacker could use this issue to cause the
LDAP server to stop responding, resulting in a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.
(CVE-2015-7540)

Andrew Bartlett discovered that Samba incorrectly checked
administrative privileges during creation of machine accounts. A
remote attacker could possibly use this issue to bypass intended
access restrictions in certain environments. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-8467).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected samba package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 87755 ()

Bugtraq ID:

CVE ID: CVE-2015-3223
CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-7540
CVE-2015-8467

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now