SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

samba was updated to fix seven security issues.

These security issues were fixed :

- CVE-2015-5370: DCERPC server and client were vulnerable
to DoS and MITM attacks (bsc#936862).

- CVE-2016-2110: A man-in-the-middle could have downgraded
NTLMSSP authentication (bsc#973031).

- CVE-2016-2111: Domain controller netlogon member
computer could have been spoofed (bsc#973032).

- CVE-2016-2112: LDAP connections were vulnerable to
downgrade and MITM attacks (bsc#973033).

- CVE-2016-2113: TLS certificate validation was missing
(bsc#973034).

- CVE-2016-2115: Named pipe IPC was vulnerable to MITM
attacks (bsc#973036).

- CVE-2016-2118: 'Badlock' DCERPC impersonation of an
authenticated account was possible (bsc#971965).

These non-security issues were fixed :

- bsc#974629: Fix samba.tests.messaging test and prevent
potential tdb corruption by removing obsolete now
invalid tdb_close call.

- bsc#973832: Obsolete libsmbsharemodes0 from samba-libs
and libsmbsharemodes-devel from samba-core-devel.

- bsc#972197: Obsolete libsmbclient from libsmbclient0 and
libpdb-devel from libsamba-passdb-devel while not
providing it.

- Getting and setting Windows ACLs on symlinks can change
permissions on link

- bsc#924519: Upgrade on-disk FSRVP server state to new
version.

- bsc#968973: Only obsolete but do not provide gplv2/3
package names.

- bso#6482: s3:utils/smbget: Fix recursive download.

- bso#10489: s3: smbd: posix_acls: Fix check for setting
u:g:o entry on a filesystem with no ACL support.

- bso#11643: docs: Add example for domain logins to
smbspool man page.

- bso#11690: s3-client: Add a KRB5 wrapper for smbspool.

- bso#11708: loadparm: Fix memory leak issue.

- bso#11714: lib/tsocket: Work around sockets not
supporting FIONREAD.

- bso#11719: ctdb-scripts: Drop use of 'smbcontrol
winbindd ip-dropped ...'.

- bso#11727: s3:smbd:open: Skip redundant call to
file_set_dosmode when creating a new file.

- bso#11732: param: Fix str_list_v3 to accept ';' again.

- bso#11740: Real memory leak (buildup) issue in loadparm.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/924519
https://bugzilla.suse.com/936862
https://bugzilla.suse.com/968973
https://bugzilla.suse.com/971965
https://bugzilla.suse.com/972197
https://bugzilla.suse.com/973031
https://bugzilla.suse.com/973032
https://bugzilla.suse.com/973033
https://bugzilla.suse.com/973034
https://bugzilla.suse.com/973036
https://bugzilla.suse.com/973832
https://bugzilla.suse.com/974629
https://www.suse.com/security/cve/CVE-2015-5370.html
https://www.suse.com/security/cve/CVE-2016-2110.html
https://www.suse.com/security/cve/CVE-2016-2111.html
https://www.suse.com/security/cve/CVE-2016-2112.html
https://www.suse.com/security/cve/CVE-2016-2113.html
https://www.suse.com/security/cve/CVE-2016-2115.html
https://www.suse.com/security/cve/CVE-2016-2118.html
http://www.nessus.org/u?a539f801

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-604=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-604=1

SUSE Linux Enterprise High Availability 12-SP1 :

zypper in -t patch SUSE-SLE-HA-12-SP1-2016-604=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-604=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 90534

CVE ID: CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2115
CVE-2016-2118