Debian DSA-3433-1 : samba - security update

Severity

Theme

Debian DSA-3433-1 : samba - security update

high Nessus Plugin ID 87684

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues :

- CVE-2015-3223 Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause the Samba LDAP server to hang, spinning using CPU. A remote attacker can take advantage of this flaw to mount a denial of service.

- CVE-2015-5252 Jan 'Yenya' Kasprzak and the Computer Systems Unit team at Faculty of Informatics, Masaryk University discovered that insufficient symlink verification could allow data access outside an exported share path.

- CVE-2015-5296 Stefan Metzmacher of SerNet discovered that Samba does not ensure that signing is negotiated when creating an encrypted client connection to a server. This allows a man-in-the-middle attacker to downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection.

- CVE-2015-5299 It was discovered that a missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.

- CVE-2015-5330 Douglas Bagnall of Catalyst discovered that the Samba LDAP server is vulnerable to a remote memory read attack. A remote attacker can obtain sensitive information from daemon heap memory by sending crafted packets and then either read an error message, or a database value.

- CVE-2015-7540 It was discovered that a malicious client can send packets that cause the LDAP server provided by the AD DC in the samba daemon process to consume unlimited memory and be terminated.

- CVE-2015-8467 Andrew Bartlett of the Samba Team and Catalyst discovered that a Samba server deployed as an AD DC can expose Windows DCs in the same domain to a denial of service via the creation of multiple machine accounts.
This issue is related to the MS15-096 / CVE-2015-2535 security issue in Windows.

Solution

Upgrade the samba packages.

For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u6. The oldstable distribution (wheezy) is only affected by CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299.

For the stable distribution (jessie), these problems have been fixed in version 2:4.1.17+dfsg-2+deb8u1. The fixes for CVE-2015-3223 and CVE-2015-5330 required an update to ldb 2:1.1.17-2+deb8u1 to correct the defects.

Plugin Details

Severity: High

ID: 87684

File Name: debian_DSA-3433.nasl

Version: 2.11

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 1/4/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:samba, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/2/2016

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467

DSA: 3433