Scientific Linux Security Update : samba on SL6.x i386/x86_64 (Badlock)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

Security Fix(es) :

- Multiple flaws were found in Samba's DCE/RPC protocol
implementation. A remote, authenticated attacker could
use these flaws to cause a denial of service against the
Samba server (high CPU load or a crash) or, possibly,
execute arbitrary code with the permissions of the user
running Samba (root). This flaw could also be used to
downgrade a secure DCE/RPC connection by a
man-in-the-middle attacker taking control of an Active
Directory (AD) object and compromising the security of a
Samba Active Directory Domain Controller (DC).

Note: While Samba packages as shipped in Scientific Linux do not
support running Samba as an AD DC, this flaw applies to all roles
Samba implements.

- A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)

- It was discovered that Samba configured as a Domain
Controller would establish a secure communication
channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could
use this flaw to obtain session-related information
about the spoofed machine. (CVE-2016-2111)

- It was found that Samba's LDAP implementation did not
enforce integrity protection for LDAP connections. A
man-in-the-middle attacker could use this flaw to
downgrade LDAP connections to use no integrity
protection, allowing them to hijack such connections.

- It was found that Samba did not enable integrity
protection for IPC traffic by default. A
man-in-the-middle attacker could use this flaw to view
and modify the data sent between a Samba server and a
client. (CVE-2016-2115)

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 90504 ()

Bugtraq ID:

CVE ID: CVE-2015-5370

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now