SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)

Medium Nessus Plugin ID 90532


The remote SUSE host is missing one or more security updates.


Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709).

These security issues were fixed :

- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).

- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).

- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).

- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).

- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).

- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).

- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).

Also the following fixes were done :

- Upgrade on-disk FSRVP server state to new version;

- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).

- Align fsrvp feature sources with upstream version.

- Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel;

- s3:utils/smbget: Fix recursive download; (bso#6482).

- s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).

- docs: Add example for domain logins to smbspool man page; (bso#11643).

- s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).

- loadparm: Fix memory leak issue; (bso#11708).

- lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).

- ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).

- s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).

- param: Fix str_list_v3 to accept ';' again; (bso#11732).

- Real memeory leak(buildup) issue in loadparm;

- Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (bsc#972197).

- Getting and setting Windows ACLs on symlinks can change permissions on link

- Only obsolete but do not provide gplv2/3 package names;

- Enable clustering (CTDB) support; (bsc#966271).

- s3: smbd: Fix timestamp rounding inside SMB2 create;
(bso#11703); (bsc#964023).

- vfs_fruit: Fix renaming directories with open files;

- Fix MacOS finder error 36 when copying folder to Samba;

- s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).

- Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix;

- s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections;

- Reduce the memory footprint of empty string options;

- lib/async_req: Do not install async_connect_send_test;

- docs: Fix typos in man vfs_gpfs; (bso#11641).

- smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).

- smbcacls: Fix uninitialized variable; (bso#11682).

- s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).

- Changing log level of two entries to from 1 to 3;

- vfs_gpfs: Re-enable share modes; (bso#11243).

- wafsamba: Also build libraries with RELRO protection;

- ctdb: Strip trailing spaces from nodes file;

- s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).

- nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).

- async_req: Fix non-blocking connect(); (bso#11564).

- auth: gensec: Fix a memory leak; (bso#11565).

- lib: util: Make non-critical message a warning;

- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).

- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).

- ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).

- manpage: Correct small typo error; (bso#11584).

- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).

- Backport some valgrind fixes from upstream master;

- s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).

- docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-605=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1

SUSE Linux Enterprise High Availability 12 :

zypper in -t patch SUSE-SLE-HA-12-2016-605=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1

To bring your system up-to-date, use 'zypper patch'.

See Also

Plugin Details

Severity: Medium

ID: 90532

File Name: suse_SU-2016-1022-1.nasl

Version: $Revision: 2.10 $

Type: local

Agent: unix

Published: 2016/04/15

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libdcerpc-binding0, p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:suse_linux:libdcerpc0, p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo, p-cpe:/a:novell:suse_linux:libgensec0, p-cpe:/a:novell:suse_linux:libgensec0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-krb5pac0, p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-nbt0, p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-standard0, p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo, p-cpe:/a:novell:suse_linux:libndr0, p-cpe:/a:novell:suse_linux:libndr0-debuginfo, p-cpe:/a:novell:suse_linux:libnetapi0, p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo, p-cpe:/a:novell:suse_linux:libregistry0, p-cpe:/a:novell:suse_linux:libregistry0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-credentials0, p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-passdb0, p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-util0, p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo, p-cpe:/a:novell:suse_linux:libsamdb0, p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient-raw0, p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient0, p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbconf0, p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbldap0, p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo, p-cpe:/a:novell:suse_linux:libtevent-util0, p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo, p-cpe:/a:novell:suse_linux:libwbclient0, p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo, p-cpe:/a:novell:suse_linux:samba, p-cpe:/a:novell:suse_linux:samba-client, p-cpe:/a:novell:suse_linux:samba-client-debuginfo, p-cpe:/a:novell:suse_linux:samba-debuginfo, p-cpe:/a:novell:suse_linux:samba-debugsource, p-cpe:/a:novell:suse_linux:samba-libs, p-cpe:/a:novell:suse_linux:samba-libs-debuginfo, p-cpe:/a:novell:suse_linux:samba-winbind, p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/04/12

Reference Information

CVE: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2115, CVE-2016-2118

OSVDB: 136339, 136989, 136990, 136991, 136992, 136993, 136995