SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

Samba was updated to the 4.2.x codestream, bringing some new features
and security fixes (bsc#973832, FATE#320709).

These security issues were fixed :

- CVE-2015-5370: DCERPC server and client were vulnerable
to DoS and MITM attacks (bsc#936862).

- CVE-2016-2110: A man-in-the-middle could have downgraded
NTLMSSP authentication (bsc#973031).

- CVE-2016-2111: Domain controller netlogon member
computer could have been spoofed (bsc#973032).

- CVE-2016-2112: LDAP connections were vulnerable to
downgrade and MITM attacks (bsc#973033).

- CVE-2016-2113: TLS certificate validation was missing
(bsc#973034).

- CVE-2016-2115: Named pipe IPC was vulnerable to MITM
attacks (bsc#973036).

- CVE-2016-2118: 'Badlock': DCERPC impersonation of an
authenticated account was possible (bsc#971965).

Also the following fixes were done :

- Upgrade on-disk FSRVP server state to new version;
(bsc#924519).

- Fix samba.tests.messaging test and prevent potential tdb
corruption by removing obsolete now invalid tdb_close
call; (bsc#974629).

- Align fsrvp feature sources with upstream version.

- Obsolete libsmbsharemodes0 from samba-libs and
libsmbsharemodes-devel from samba-core-devel;
(bsc#973832).

- s3:utils/smbget: Fix recursive download; (bso#6482).

- s3: smbd: posix_acls: Fix check for setting u:g:o entry
on a filesystem with no ACL support; (bso#10489).

- docs: Add example for domain logins to smbspool man
page; (bso#11643).

- s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).

- loadparm: Fix memory leak issue; (bso#11708).

- lib/tsocket: Work around sockets not supporting
FIONREAD; (bso#11714).

- ctdb-scripts: Drop use of 'smbcontrol winbindd
ip-dropped ...'; (bso#11719).

- s3:smbd:open: Skip redundant call to file_set_dosmode
when creating a new file; (bso#11727).

- param: Fix str_list_v3 to accept ';' again; (bso#11732).

- Fix a real memory leak (buildup) issue in loadparm;
(bso#11740).

- Obsolete libsmbclient from libsmbclient0 and
libpdb-devel from libsamba-passdb-devel while not
providing it; (bsc#972197).

- Getting and setting Windows ACLs on symlinks can change
permissions on the link.

- Only obsolete but do not provide gplv2/3 package names;
(bsc#968973).

- Enable clustering (CTDB) support; (bsc#966271).

- s3: smbd: Fix timestamp rounding inside SMB2 create;
(bso#11703); (bsc#964023).

- vfs_fruit: Fix renaming directories with open files;
(bso#11065).

- Fix MacOS finder error 36 when copying folder to Samba;
(bso#11347).

- s3:smbd/oplock: Obey kernel oplock setting when
releasing oplocks; (bso#11400).

- Fix copying files with vfs_fruit when using
vfs_streams_xattr without stream prefix and type suffix;
(bso#11466).

- s3:libsmb: Correctly initialize the list head when
keeping a list of primary followed by DFS connections;
(bso#11624).

- Reduce the memory footprint of empty string options;
(bso#11625).

- lib/async_req: Do not install async_connect_send_test;
(bso#11639).

- docs: Fix typos in man vfs_gpfs; (bso#11641).

- smbd: make 'hide dot files' option work with 'store dos
attributes = yes'; (bso#11645).

- smbcacls: Fix uninitialized variable; (bso#11682).

- s3:smbd: Ignore initial allocation size for directory
creation; (bso#11684).

- Change the log level of two entries from 1 to 3;
(bso#9912).

- vfs_gpfs: Re-enable share modes; (bso#11243).

- wafsamba: Also build libraries with RELRO protection;
(bso#11346).

- ctdb: Strip trailing spaces from nodes file;
(bso#11365).

- s3-smbd: Fix old DOS client doing wildcard delete that
gives an attribute type of zero; (bso#11452).

- nss_wins: Do not run into use-after-free issues when
accessing memory allocated on the globals while the
globals are being reinitialized; (bso#11563).

- async_req: Fix non-blocking connect(); (bso#11564).

- auth: gensec: Fix a memory leak; (bso#11565).

- lib: util: Make non-critical message a warning;
(bso#11566).

- Fix winbindd crashes with samlogon for trusted domain
user; (bso#11569); (bsc#949022).

- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).

- ctdb: Open the RO tracking db with perms 0600 instead of
0000; (bso#11577).

- manpage: Correct small typo error; (bso#11584).

- s3: smbd: If EAs are turned off on a share, don't allow
an SMB2 create containing them; (bso#11589).

- Backport some valgrind fixes from upstream master;
(bso#11597).

- s3: smbd: have_file_open_below() fails to enumerate open
files below an open directory handle; (bso#11615).

- docs: Fix some typos in the idmap config section of man
5 smb.conf; (bso#11619).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/320709
https://bugzilla.suse.com/913547
https://bugzilla.suse.com/919309
https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/942716
https://bugzilla.suse.com/946051
https://bugzilla.suse.com/949022
https://bugzilla.suse.com/964023
https://bugzilla.suse.com/966271
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629
https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
http://www.nessus.org/u?4d1a1550

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-605=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1

SUSE Linux Enterprise High Availability 12 :

zypper in -t patch SUSE-SLE-HA-12-2016-605=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 90532

CVE ID: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112,
CVE-2016-2113, CVE-2016-2115, CVE-2016-2118
