FreeBSD : samba -- multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Samba team reports :

[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of
service (crashes and high CPU consumption) and man in the middle
attacks.

[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade
protected. A man in the middle is able to clear even required flags,
especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

[CVE-2016-2111] When Samba is configured as a Domain Controller it
allows remote attackers to spoof the computer name of a secure
channel's endpoints, and obtain sensitive session information, by
running a crafted application and leveraging the ability to sniff
network traffic.

[CVE-2016-2112] A man in the middle is able to downgrade LDAP
connections to no integrity protection.

[CVE-2016-2113] Man in the middle attacks are possible for client
triggered LDAP connections (with ldaps://) and ncacn_http connections
(with https://).

[CVE-2016-2114] Due to a bug, Samba doesn't enforce required SMB
signing, even if explicitly configured.

[CVE-2016-2115] The protection of DCERPC communication over ncacn_np
(which is the default for most of the file server related protocols) is
inherited from the underlying SMB connection.

[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any
DCERPC traffic between a client and a server in order to impersonate
the client and get the same privileges as the authenticated user
account. This is most problematic against Active Directory domain
controllers.

See also :

https://www.samba.org/samba/security/CVE-2015-5370.html
https://www.samba.org/samba/security/CVE-2016-2110.html
https://www.samba.org/samba/security/CVE-2016-2111.html
https://www.samba.org/samba/security/CVE-2016-2112.html
https://www.samba.org/samba/security/CVE-2016-2113.html
https://www.samba.org/samba/security/CVE-2016-2114.html
https://www.samba.org/samba/security/CVE-2016-2115.html
https://www.samba.org/samba/security/CVE-2016-2118.html
http://www.nessus.org/u?71126ed4

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90474

Bugtraq ID:

CVE ID: CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
