Samba < 4.4.2, 4.3.8, 4.2.11, 3.6.26 Multiple Vulnerabilities

Critical Log Correlation Engine Plugin ID 802024

Synopsis

The specific version of Samba that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Samba that the system is running is reportedly affected by the following vulnerabilities:

- Samba contains a flaw in the DCE-RPC client that is triggered during the handling of specially crafted DCE-RPC packets. This may allow a remote attacker to conduct a man-in-the-middle attack, downgrade a secure connection to an insecure one, consume CPU resources, or potentially execute arbitrary code. (CVE-2015-5370)

- Samba contains a flaw in its implementation of NTLMSSP authentication that may allow a man-in-the-middle attacker to conduct multiple attacks. This may allow the attacker to clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, take over connections, cause traffic to be sent without encryption, or potentially have other impacts. (CVE-2016-2110)

- Samba contains a flaw in NETLOGON that is due to the program failing to properly establish a secure channel connection. This may allow a remote man-in-the-middle attacker to spoof the computer name of a secure channel's endpoints and potentially obtain session information. (CVE-2016-2111)

- Samba contains a flaw that is due to a lack of integrity protection mechanisms. This may allow a remote man-in-the-middle attacker to downgrade a secure LDAP connection to an insecure version of the connection. (CVE-2016-2112)

- Samba contains a flaw in which TLS certificates are not properly validated for the LDAP and HTTP protocols. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2016-2113)

- Samba contains a flaw that is due to the program failing to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. This may result in SMB signing not being properly required, potentially allowing a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2114)

- Samba contains a flaw that is due to the program failing to perform integrity checks for SMB client connections. As the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection, this may allow a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2115)

Solution

These issues have reportedly been fixed. Refer to the product listing for upgraded versions that address these vulnerabilities. In addition, the vendor has released a patch for some older versions.

Plugin Details

Severity: Critical

ID: 802024

File Name: 802024.prm

Family: Samba

Published: 2016/09/08

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2016/04/12

Vulnerability Publication Date: 2016/04/12

Reference Information

CVE: CVE-2016-2114, CVE-2016-2115, CVE-2016-2112, CVE-2016-2113, CVE-2016-2110, CVE-2016-2111, CVE-2015-5370