Scientific Linux Security Update : samba on SL7.x x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A flaw was found in the way Samba initiated signed
DCE/RPC connections. A man-in-the-middle attacker could
use this flaw to downgrade the connection to not use
signing and therefore impersonate the server.
(CVE-2016-2119)

Bug Fix(es) :

- Previously, the 'net' command in some cases failed to
join the client to Active Directory (AD) because the
permissions setting prevented modification of the
supported Kerberos encryption type LDAP attribute. With
this update, Samba has been fixed to allow joining an AD
domain as a user. In addition, Samba now uses the
machine account credentials to set up the Kerberos
encryption types within AD for the joined machine. As a
result, using 'net' to join a domain now works more
reliably.

- Previously, the idmap_hash module worked incorrectly
when it was used together with other modules. As a
consequence, user and group IDs were not mapped
properly. A patch has been applied to skip already
configured modules. Now, the hash module can be used as
the default idmap configuration back end and IDs are
resolved correctly.

See also :

http://www.nessus.org/u?fc8afcbd

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 92582 ()

Bugtraq ID:

CVE ID: CVE-2016-2119

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now