Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Jouni Knuutinen discovered that Samba contained multiple flaws in the
DCE/RPC implementation. A remote attacker could use this issue to
perform a denial of service, downgrade secure connections by
performing a man in the middle attack, or possibly execute arbitrary
code. (CVE-2015-5370)

Stefan Metzmacher discovered that Samba contained multiple flaws in
the NTLMSSP authentication implementation. A remote attacker could use
this issue to downgrade connections to plain text by performing a man
in the middle attack. (CVE-2016-2110)

Alberto Solino discovered that a Samba domain controller would
establish a secure connection to a server with a spoofed computer
name. A remote attacker could use this issue to obtain sensitive
information. (CVE-2016-2111)

Stefan Metzmacher discovered that the Samba LDAP implementation did
not enforce integrity protection. A remote attacker could use this
issue to hijack LDAP connections by performing a man in the middle
attack. (CVE-2016-2112)

Stefan Metzmacher discovered that Samba did not validate TLS
certificates. A remote attacker could use this issue to spoof a Samba
server. (CVE-2016-2113)

Stefan Metzmacher discovered that Samba did not enforce SMB signing
even if configured to. A remote attacker could use this issue to
perform a man in the middle attack. (CVE-2016-2114)

Stefan Metzmacher discovered that Samba did not enable integrity
protection for IPC traffic. A remote attacker could use this issue to
perform a man in the middle attack. (CVE-2016-2115)

Stefan Metzmacher discovered that Samba incorrectly handled the
MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw
with a man in the middle attack to impersonate users and obtain
sensitive information from the Security Account Manager database. This
flaw is known as Badlock. (CVE-2016-2118)

Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.
Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security
fixes.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes. Configuration changes
may be required in certain environments.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected samba package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 90588

CVE ID: CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
