Scientific Linux Security Update : samba on SL6.x i386/x86_64 (Badlock)

Medium Nessus Plugin ID 90504

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es) :

- Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).
(CVE-2015-5370)

Note: While Samba packages as shipped in Scientific Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

- A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

- It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

- It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.
(CVE-2016-2112)

- It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?1e4a06c7

Plugin Details

Severity: Medium

ID: 90504

File Name: sl_20160412_samba_on_SL6_x.nasl

Version: Revision: 2.8

Type: local

Agent: unix

Published: 2016/04/13

Modified: 2016/10/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2016/04/12

Reference Information

CVE: CVE-2015-5370, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118