Detections
Analytics

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)

high Nessus Plugin ID 90532

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709).

These security issues were fixed :

 - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).

 - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).

 - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).

 - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).

 - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).

 - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).

 - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).

Also the following fixes were done :

 - Upgrade on-disk FSRVP server state to new version;
 (bsc#924519).

 - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).

 - Align fsrvp feature sources with upstream version.

 - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel;
 (bsc#973832).

 - s3:utils/smbget: Fix recursive download; (bso#6482).

 - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).

 - docs: Add example for domain logins to smbspool man page; (bso#11643).

 - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).

 - loadparm: Fix memory leak issue; (bso#11708).

 - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).

 - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).

 - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).

 - param: Fix str_list_v3 to accept ';' again; (bso#11732).

 - Real memeory leak(buildup) issue in loadparm;
 (bso#11740).

 - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (bsc#972197).

 - Getting and setting Windows ACLs on symlinks can change permissions on link

 - Only obsolete but do not provide gplv2/3 package names;
 (bsc#968973).

 - Enable clustering (CTDB) support; (bsc#966271).

 - s3: smbd: Fix timestamp rounding inside SMB2 create;
 (bso#11703); (bsc#964023).

 - vfs_fruit: Fix renaming directories with open files;
 (bso#11065).

 - Fix MacOS finder error 36 when copying folder to Samba;
 (bso#11347).

 - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).

 - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix;
 (bso#11466).

 - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections;
 (bso#11624).

 - Reduce the memory footprint of empty string options;
 (bso#11625).

 - lib/async_req: Do not install async_connect_send_test;
 (bso#11639).

 - docs: Fix typos in man vfs_gpfs; (bso#11641).

 - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).

 - smbcacls: Fix uninitialized variable; (bso#11682).

 - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).

 - Changing log level of two entries to from 1 to 3;
 (bso#9912).

 - vfs_gpfs: Re-enable share modes; (bso#11243).

 - wafsamba: Also build libraries with RELRO protection;
 (bso#11346).

 - ctdb: Strip trailing spaces from nodes file;
 (bso#11365).

 - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).

 - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).

 - async_req: Fix non-blocking connect(); (bso#11564).

 - auth: gensec: Fix a memory leak; (bso#11565).

 - lib: util: Make non-critical message a warning;
 (bso#11566).

 - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).

 - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).

 - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).

 - manpage: Correct small typo error; (bso#11584).

 - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).

 - Backport some valgrind fixes from upstream master;
 (bso#11597).

 - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).

 - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-605=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1

SUSE Linux Enterprise High Availability 12 :

zypper in -t patch SUSE-SLE-HA-12-2016-605=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=320709

https://bugzilla.suse.com/show_bug.cgi?id=913547

https://bugzilla.suse.com/show_bug.cgi?id=919309

https://bugzilla.suse.com/show_bug.cgi?id=924519

https://bugzilla.suse.com/show_bug.cgi?id=936862

https://bugzilla.suse.com/show_bug.cgi?id=942716

https://bugzilla.suse.com/show_bug.cgi?id=946051

https://bugzilla.suse.com/show_bug.cgi?id=949022

https://bugzilla.suse.com/show_bug.cgi?id=964023

https://bugzilla.suse.com/show_bug.cgi?id=966271

https://bugzilla.suse.com/show_bug.cgi?id=968973

https://bugzilla.suse.com/show_bug.cgi?id=971965

https://bugzilla.suse.com/show_bug.cgi?id=972197

https://bugzilla.suse.com/show_bug.cgi?id=973031

https://bugzilla.suse.com/show_bug.cgi?id=973032

https://bugzilla.suse.com/show_bug.cgi?id=973033

https://bugzilla.suse.com/show_bug.cgi?id=973034

https://bugzilla.suse.com/show_bug.cgi?id=973036

https://bugzilla.suse.com/show_bug.cgi?id=973832

https://bugzilla.suse.com/show_bug.cgi?id=974629

https://www.suse.com/security/cve/CVE-2015-5370/

https://www.suse.com/security/cve/CVE-2016-2110/

https://www.suse.com/security/cve/CVE-2016-2111/

https://www.suse.com/security/cve/CVE-2016-2112/

https://www.suse.com/security/cve/CVE-2016-2113/

https://www.suse.com/security/cve/CVE-2016-2115/

https://www.suse.com/security/cve/CVE-2016-2118/

http://www.nessus.org/u?d433eabc

Plugin Details

Severity: High

ID: 90532

File Name: suse_SU-2016-1022-1.nasl

Version: 2.15

Type: local

Agent: unix

Published: 4/15/2016

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libsamdb0, p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient-raw0, p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient0, p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbconf0, p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbldap0, p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo, p-cpe:/a:novell:suse_linux:libtevent-util0, p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo, p-cpe:/a:novell:suse_linux:libwbclient0, p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo, p-cpe:/a:novell:suse_linux:samba, p-cpe:/a:novell:suse_linux:samba-client, p-cpe:/a:novell:suse_linux:samba-client-debuginfo, p-cpe:/a:novell:suse_linux:samba-debuginfo, p-cpe:/a:novell:suse_linux:samba-debugsource, p-cpe:/a:novell:suse_linux:samba-libs, p-cpe:/a:novell:suse_linux:samba-libs-debuginfo, p-cpe:/a:novell:suse_linux:samba-winbind, p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:libdcerpc-binding0, p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:suse_linux:libdcerpc0, p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo, p-cpe:/a:novell:suse_linux:libgensec0, p-cpe:/a:novell:suse_linux:libgensec0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-krb5pac0, p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-nbt0, p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-standard0, p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo, p-cpe:/a:novell:suse_linux:libndr0, p-cpe:/a:novell:suse_linux:libndr0-debuginfo, p-cpe:/a:novell:suse_linux:libnetapi0, p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo, p-cpe:/a:novell:suse_linux:libregistry0, p-cpe:/a:novell:suse_linux:libregistry0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-credentials0, p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-passdb0, p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-util0, p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/12/2016

Vulnerability Publication Date: 4/12/2016

Reference Information

CVE: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2115, CVE-2016-2118