openSUSE Security Update : ldb / samba / talloc / etc (openSUSE-2015-943)

Medium Nessus Plugin ID 87621

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs :

The Samba LDB was updated to version 1.1.24 :

- Fix ldap \00 search expression attack dos;
CVE-2015-3223; (bso#11325)

- Fix remote read memory exploit in ldb; CVE-2015-5330;
(bso#11599)

- Move ldb_(un)pack_data into ldb_module.h for testing

- Fix installation of _ldb_text.py

- Fix propagation of ldb errors through tdb

- Fix bug triggered by having an empty message in database during search

Samba was updated to fix these issues :

- Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325);
(bnc#958581).

- Remote read memory exploit in LDB; CVE-2015-5330;
(bso#11599); (bnc#958586).

- Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582).

- No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296;
(bso#11536); (bnc#958584).

- Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299;
(bso#11529); (bnc#958583).

- Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467;
(bso#11552); (bnc#958585).

- Changing log level of two entries to from 1 to 3;
(bso#9912).

- vfs_gpfs: Re-enable share modes; (bso#11243).

- wafsamba: Also build libraries with RELRO protection;
(bso#11346).

- ctdb: Strip trailing spaces from nodes file;
(bso#11365).

- s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).

- nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).

- async_req: Fix non-blocking connect(); (bso#11564).

- auth: gensec: Fix a memory leak; (bso#11565).

- lib: util: Make non-critical message a warning;
(bso#11566).

- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022).

- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).

- ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).

- manpage: Correct small typo error; (bso#11584).

- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).

- Backport some valgrind fixes from upstream master;
(bso#11597).

- s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).

- docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).

- Cleanup and enhance the pidl sub package.

- s3: smbd: Fix our access-based enumeration on 'hide unreadable' to match Windows; (bso#10252).

- smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).

- kerberos: Make sure we only use prompter type when available; (bso#11038).

- s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket; (bso#11316).

- dcerpc.idl: accept invalid dcerpc_bind_nak pdus;
(bso#11327).

- Fix a deadlock in tdb; (bso#11381).

- s3: smbd: Fix mkdir race condition; (bso#11486).

- pam_winbind: Fix a segfault if initialization fails;
(bso#11502).

- s3: dfs: Fix a crash when the dfs targets are disabled;
(bso#11509).

- s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522).

- net: Fix a crash with 'net ads keytab create';
(bso#11528).

- s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535).

- vfs_fruit: Return value of ad_pack in vfs_fruit.c;
(bso#11543).

- vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).

- Fix bug in smbstatus where the lease info is not printed; (bso#11549).

- s3:smbstatus: Add stream name to share_entry_forall();
(bso#11550).

- Prevent NULL pointer access in samlogon fallback when security credentials are null; (bnc#949022).

- Fix 100% CPU in winbindd when logging in with 'user must change password on next logon'; (bso#11038).

talloc was updated to version 2.1.5; (bsc#954658) (bsc#951660).

- Test that talloc magic differs between processes.

- Increment minor version due to added talloc_test_get_magic.

- Provide tests access to talloc_magic.

- Test magic protection measures.

tdb was updated to version 1.3.8; (bsc#954658).

- Improved python3 bindings

tevent was updated to 0.9.26; (bsc#954658).

- New tevent_thread_proxy api

- Minor build fixes This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected ldb / samba / talloc / etc packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=949022

https://bugzilla.opensuse.org/show_bug.cgi?id=951660

https://bugzilla.opensuse.org/show_bug.cgi?id=954658

https://bugzilla.opensuse.org/show_bug.cgi?id=958581

https://bugzilla.opensuse.org/show_bug.cgi?id=958582

https://bugzilla.opensuse.org/show_bug.cgi?id=958583

https://bugzilla.opensuse.org/show_bug.cgi?id=958584

https://bugzilla.opensuse.org/show_bug.cgi?id=958585

https://bugzilla.opensuse.org/show_bug.cgi?id=958586

Plugin Details

Severity: Medium

ID: 87621

File Name: openSUSE-2015-943.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2015/12/29

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ldb-debugsource, p-cpe:/a:novell:opensuse:ldb-tools, p-cpe:/a:novell:opensuse:ldb-tools-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0, p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr-devel, p-cpe:/a:novell:opensuse:libdcerpc-samr0, p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libdcerpc0, p-cpe:/a:novell:opensuse:libdcerpc0-32bit, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo, p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgensec-devel, p-cpe:/a:novell:opensuse:libgensec0, p-cpe:/a:novell:opensuse:libgensec0-32bit, p-cpe:/a:novell:opensuse:libgensec0-debuginfo, p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libldb-devel, p-cpe:/a:novell:opensuse:libldb1, p-cpe:/a:novell:opensuse:libldb1-32bit, p-cpe:/a:novell:opensuse:libldb1-debuginfo, p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac-devel, p-cpe:/a:novell:opensuse:libndr-krb5pac0, p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-nbt-devel, p-cpe:/a:novell:opensuse:libndr-nbt0, p-cpe:/a:novell:opensuse:libndr-nbt0-32bit, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo, p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr-standard-devel, p-cpe:/a:novell:opensuse:libndr-standard0, p-cpe:/a:novell:opensuse:libndr-standard0-32bit, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo, p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libndr0, p-cpe:/a:novell:opensuse:libndr0-32bit, p-cpe:/a:novell:opensuse:libndr0-debuginfo, p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libnetapi-devel, p-cpe:/a:novell:opensuse:libnetapi0, p-cpe:/a:novell:opensuse:libnetapi0-32bit, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo, p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libregistry-devel, p-cpe:/a:novell:opensuse:libregistry0, p-cpe:/a:novell:opensuse:libregistry0-32bit, p-cpe:/a:novell:opensuse:libregistry0-debuginfo, p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials-devel, p-cpe:/a:novell:opensuse:libsamba-credentials0, p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel, p-cpe:/a:novell:opensuse:libsamba-hostconfig0, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-passdb-devel, p-cpe:/a:novell:opensuse:libsamba-passdb0, p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit, p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-policy-devel, p-cpe:/a:novell:opensuse:libsamba-policy0, p-cpe:/a:novell:opensuse:libsamba-policy0-32bit, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamba-util-devel, p-cpe:/a:novell:opensuse:libsamba-util0, p-cpe:/a:novell:opensuse:libsamba-util0-32bit, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo, p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsamdb-devel, p-cpe:/a:novell:opensuse:libsamdb0, p-cpe:/a:novell:opensuse:libsamdb0-32bit, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo, p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient-devel, p-cpe:/a:novell:opensuse:libsmbclient-raw-devel, p-cpe:/a:novell:opensuse:libsmbclient-raw0, p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbclient0, p-cpe:/a:novell:opensuse:libsmbclient0-32bit, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo, p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbconf-devel, p-cpe:/a:novell:opensuse:libsmbconf0, p-cpe:/a:novell:opensuse:libsmbconf0-32bit, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo, p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsmbldap-devel, p-cpe:/a:novell:opensuse:libsmbldap0, p-cpe:/a:novell:opensuse:libsmbldap0-32bit, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo, p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtalloc-devel, p-cpe:/a:novell:opensuse:libtalloc2, p-cpe:/a:novell:opensuse:libtalloc2-32bit, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo, p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtdb-devel, p-cpe:/a:novell:opensuse:libtdb1, p-cpe:/a:novell:opensuse:libtdb1-32bit, p-cpe:/a:novell:opensuse:libtdb1-debuginfo, p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent-devel, p-cpe:/a:novell:opensuse:libtevent-util-devel, p-cpe:/a:novell:opensuse:libtevent-util0, p-cpe:/a:novell:opensuse:libtevent-util0-32bit, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo, p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libtevent0, p-cpe:/a:novell:opensuse:libtevent0-32bit, p-cpe:/a:novell:opensuse:libtevent0-debuginfo, p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit, p-cpe:/a:novell:opensuse:libwbclient-devel, p-cpe:/a:novell:opensuse:libwbclient0, p-cpe:/a:novell:opensuse:libwbclient0-32bit, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo, p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit, p-cpe:/a:novell:opensuse:pyldb, p-cpe:/a:novell:opensuse:pyldb-32bit, p-cpe:/a:novell:opensuse:pyldb-debuginfo, p-cpe:/a:novell:opensuse:pyldb-debuginfo-32bit, p-cpe:/a:novell:opensuse:pyldb-devel, p-cpe:/a:novell:opensuse:pytalloc, p-cpe:/a:novell:opensuse:pytalloc-32bit, p-cpe:/a:novell:opensuse:pytalloc-debuginfo, p-cpe:/a:novell:opensuse:pytalloc-debuginfo-32bit, p-cpe:/a:novell:opensuse:pytalloc-devel, p-cpe:/a:novell:opensuse:python-tdb, p-cpe:/a:novell:opensuse:python-tdb-32bit, p-cpe:/a:novell:opensuse:python-tdb-debuginfo, p-cpe:/a:novell:opensuse:python-tdb-debuginfo-32bit, p-cpe:/a:novell:opensuse:python-tevent, p-cpe:/a:novell:opensuse:python-tevent-32bit, p-cpe:/a:novell:opensuse:python-tevent-debuginfo, p-cpe:/a:novell:opensuse:python-tevent-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba, p-cpe:/a:novell:opensuse:samba-32bit, p-cpe:/a:novell:opensuse:samba-client, p-cpe:/a:novell:opensuse:samba-client-32bit, p-cpe:/a:novell:opensuse:samba-client-debuginfo, p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-core-devel, p-cpe:/a:novell:opensuse:samba-debuginfo, p-cpe:/a:novell:opensuse:samba-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-debugsource, p-cpe:/a:novell:opensuse:samba-libs, p-cpe:/a:novell:opensuse:samba-libs-32bit, p-cpe:/a:novell:opensuse:samba-libs-debuginfo, p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:samba-pidl, p-cpe:/a:novell:opensuse:samba-python, p-cpe:/a:novell:opensuse:samba-python-debuginfo, p-cpe:/a:novell:opensuse:samba-test, p-cpe:/a:novell:opensuse:samba-test-debuginfo, p-cpe:/a:novell:opensuse:samba-test-devel, p-cpe:/a:novell:opensuse:samba-winbind, p-cpe:/a:novell:opensuse:samba-winbind-32bit, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo, p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit, p-cpe:/a:novell:opensuse:talloc-debugsource, p-cpe:/a:novell:opensuse:tdb-debugsource, p-cpe:/a:novell:opensuse:tdb-tools, p-cpe:/a:novell:opensuse:tdb-tools-debuginfo, p-cpe:/a:novell:opensuse:tevent-debugsource, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/12/23

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-8467