Scientific Linux Security Update : samba on SL6.x i386/x86_64 (Badlock)

Medium Nessus Plugin ID 90504

Synopsis

The remote Scientific Linux host is missing one or more security
updates.

Description

Security Fix(es) :

- Multiple flaws were found in Samba's DCE/RPC protocol
implementation. A remote, authenticated attacker could
use these flaws to cause a denial of service against the
Samba server (high CPU load or a crash) or, possibly,
execute arbitrary code with the permissions of the user
running Samba (root). A man-in-the-middle attacker could
also use these flaws to downgrade a secure DCE/RPC
connection, take control of an Active Directory (AD)
object and thereby compromise a Samba Active Directory
Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Scientific Linux do not
support running Samba as an AD DC, this flaw applies to all roles
Samba implements.

- A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)

- It was discovered that Samba configured as a Domain
Controller would establish a secure communication
channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could
use this flaw to obtain session-related information
about the spoofed machine. (CVE-2016-2111)

- It was found that Samba's LDAP implementation did not
enforce integrity protection for LDAP connections. A
man-in-the-middle attacker could use this flaw to
downgrade LDAP connections to use no integrity
protection, allowing them to hijack such connections.
(CVE-2016-2112)

- It was found that Samba did not enable integrity
protection for IPC traffic by default. A
man-in-the-middle attacker could use this flaw to view
and modify the data sent between a Samba server and a
client. (CVE-2016-2115)

Solution

Update the affected packages.
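The plugin decides from package versions whether the update is installed; the shell script below, added here and not part of the Nessus plugin or the Scientific Linux errata, is one way to confirm the fix from the host side. Scientific Linux, like RHEL, backports security fixes without changing the upstream Samba version number, so the installed package's RPM changelog (what `rpm -q --changelog samba` prints), not `smbd -V`, is where the CVE identifiers from the Reference Information section should appear. The changelog embedded in the script is constructed for the offline demonstration and is not real package metadata; it deliberately omits one CVE so the check has something to report.

```shell
#!/bin/sh
# Added example, not part of the Nessus plugin or the SL errata: report
# which CVEs from this advisory are NOT referenced by a samba package's
# RPM changelog. SL/RHEL backport fixes without bumping the upstream
# version, so the changelog is the reliable place to look for CVE IDs.

# CVE list copied from the plugin's "Reference Information" section.
BADLOCK_CVES="CVE-2015-5370 CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118"

# missing_cves CHANGELOG_TEXT CVE...
# Prints each CVE (one per line) that does not occur in CHANGELOG_TEXT.
# Returns 0 when every CVE is present, 1 otherwise. -w anchors on word
# boundaries so CVE-2016-2111 does not match e.g. CVE-2016-21110; -F
# treats the ID as a fixed string; -i tolerates lower-case "cve-".
missing_cves() {
    changelog="$1"; shift
    rc=0
    for cve in "$@"; do
        if ! printf '%s\n' "$changelog" | grep -qiwF -- "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return $rc
}

# check_installed_samba: run the same check against the host's samba
# package. Returns 2 when rpm is unavailable or samba is not installed,
# so callers can tell "not applicable" from "not fixed".
check_installed_samba() {
    changelog=$(rpm -q --changelog samba 2>/dev/null) || {
        echo "samba is not installed, or rpm is unavailable" >&2
        return 2
    }
    missing_cves "$changelog" $BADLOCK_CVES
}

# Constructed sample changelog for the offline run (NOT real package
# metadata): it references every advisory CVE except CVE-2016-2115.
SAMPLE_CHANGELOG=$(cat <<'EOF'
* Tue Apr 12 2016 packager <packager@example.com>
- resolves: CVE-2015-5370 DCE/RPC protocol implementation flaws
- resolves: CVE-2016-2111 secure channel with spoofed computer name
- resolves: CVE-2016-2112 LDAP integrity protection downgrade
- resolves: CVE-2016-2118 Badlock, MS-SAMR/MS-LSAD man-in-the-middle
EOF
)

# Offline demonstration: prints the one CVE the sample changelog lacks.
echo "Advisory CVEs missing from the sample changelog:"
missing_cves "$SAMPLE_CHANGELOG" $BADLOCK_CVES || true

# On an SL6 host, run with --live to check the installed package instead.
if [ "${1:-}" = "--live" ]; then
    check_installed_samba
fi
```

A changelog that mentions a CVE proves the packager intended to ship the fix, not that the running `smbd` has it: after installing the update, restart the `smb`, `nmb` and `winbind` services (or reboot) so the patched binaries are actually in use before re-scanning.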

See Also

http://www.nessus.org/u?98da124b

Plugin Details

Severity: Medium

ID: 90504

File Name: sl_20160412_samba_on_SL6_x.nasl

Version: 2.9

Type: local

Agent: unix

Published: 2016/04/13

Modified: 2018/12/28

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Patch Publication Date: 2016/04/12

Reference Information

CVE: CVE-2015-5370, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118