Debian DSA-3548-1 : samba - security update (Badlock)

high Nessus Plugin ID 90515
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues :

- CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks.

- CVE-2016-2110 Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks.

- CVE-2016-2111 When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same vulnerability as CVE-2015-0005 for Windows, discovered by Alberto Solino from Core Security.

- CVE-2016-2112 Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can downgrade LDAP connections to avoid integrity protection.

- CVE-2016-2113 Stefan Metzmacher of SerNet and the Samba Team discovered that man-in-the-middle attacks are possible for client triggered LDAP connections and ncacn_http connections.

- CVE-2016-2114 Stefan Metzmacher of SerNet and the Samba Team discovered that Samba does not enforce required smb signing even if explicitly configured.

- CVE-2016-2115 Stefan Metzmacher of SerNet and the Samba Team discovered that SMB connections for IPC traffic are not integrity-protected.

- CVE-2016-2118 Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can intercept any DCERPC traffic between a client and a server in order to impersonate the client and obtain the same privileges as the authenticated user account.

Solution

Upgrade the samba packages.

For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected by CVE-2016-2113 and CVE-2016-2114.

For the stable distribution (jessie), these problems have been fixed in version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading to the new upstream version 4.2.10, which includes additional changes and bugfixes. The depending libraries ldb, talloc, tdb and tevent required as well an update to new upstream versions for this update.

Please refer to

- https://www.samba.org/samba/latest_news.html#4.4.2
- https://www.samba.org/samba/history/samba-4.2.0.html

- https://www.samba.org/samba/history/samba-4.2.10.html

for further details (in particular for new options and defaults).


We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat), Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE) for the massive backporting work required to support Samba 3.6 and Samba 4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent for their help in preparing updates of Samba and the underlying infrastructure libraries.

See Also

https://security-tracker.debian.org/tracker/CVE-2015-5370

https://security-tracker.debian.org/tracker/CVE-2016-2110

https://security-tracker.debian.org/tracker/CVE-2016-2111

https://security-tracker.debian.org/tracker/CVE-2015-0005

https://security-tracker.debian.org/tracker/CVE-2016-2112

https://security-tracker.debian.org/tracker/CVE-2016-2113

https://security-tracker.debian.org/tracker/CVE-2016-2114

https://security-tracker.debian.org/tracker/CVE-2016-2115

https://security-tracker.debian.org/tracker/CVE-2016-2118

https://security-tracker.debian.org/tracker/CVE-2016-2113

https://security-tracker.debian.org/tracker/CVE-2016-2114

https://www.samba.org/samba/latest_news.html#4.4.2

https://www.samba.org/samba/history/samba-4.2.0.html

https://www.samba.org/samba/history/samba-4.2.10.html

https://packages.debian.org/source/wheezy/samba

https://packages.debian.org/source/jessie/samba

https://www.debian.org/security/2016/dsa-3548

Plugin Details

Severity: High

ID: 90515

File Name: debian_DSA-3548.nasl

Version: 2.18

Type: local

Agent: unix

Published: 4/14/2016

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:samba, cpe:/o:debian:debian_linux:7.0, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2016

Vulnerability Publication Date: 4/12/2016

Reference Information

CVE: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118

DSA: 3548