Samba 4.2.x < 4.2.7 / 4.3.x < 4.3.3 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9347

Synopsis

The remote Samba server is affected by a multiple security issues.

Description

According to its banner, the version of Samba is 4.2.x earlier than 4.2.7, or 4.3.x earlier than 4.3.3. It is therefore affected by the following vulnerabilities :

- A flaw exists in the 'ldb_wildcard_compare()' function in 'lib/ldb/common/ldb_match.c' that is triggered when handling LDAP requests. This may allow a remote attacker to exhaust available CPU resources. (CVE-2015-3223)
- A flaw exists in the 'check_reduced_name_with_privilege()' and 'check_reduced_name()' functions in 'smbd/vfs.c' that allows traversing outside of a restricted path. The issue is due to users being permitted to follow symlinks pointing to resources in another directory that shares a common path prefix. This may allow a remote attacker to access files outside the exported share path. According to the vendor, exploitation requires that a Samba share "is configured with a path that shares a common path prefix with another directory on the file system". (CVE-2015-5252)
- A flaw exists that is triggered when handling encrypted client sessions due to missing signing. This may allow a Man-in-the-Middle (MitM) attacker to downgrade the security of the connection, making it easier to break the encryption and monitor or manipulate communication. (CVE-2015-5296)
- A flaw exists in the 'shadow_copy2_get_shadow_copy_data()' function in 'modules/vfs_shadow_copy2.c' due to missing access control checks when accessing snapshots. This may allow an authenticated, remote attacker to gain knowledge of potentially sensitive information. (CVE-2015-5299)
- A flaw exists in 'libcli/ldap/ldap_message.c' that is triggered when handling LDAP requests. This may allow a remote attacker to exhaust available memory resources and potentially cause the process to be terminated. (CVE-2015-7540)

Solution

Upgrade Samba to version 4.3.3 or later. If 4.3.x cannot be obtained, version 4.2.7 is also patched for these issues.

See Also

https://www.samba.org/samba/security/CVE-2015-3223.html

https://www.samba.org/samba/security/CVE-2015-5252.html

https://www.samba.org/samba/security/CVE-2015-5296.html

https://www.samba.org/samba/security/CVE-2015-5299.html

https://www.samba.org/samba/security/CVE-2015-7540.html

http://www.samba.org/samba/history/samba-4.2.7.html

http://www.samba.org/samba/history/samba-4.3.3.html

Plugin Details

Severity: Medium

ID: 9347

Family: Samba

Published: 2016/06/09

Modified: 2016/06/09

Dependencies: 8741

Nessus ID: 87768, 89144, 89376

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5

Temporal Score: 4.4

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Patch Publication Date: 2015/12/16

Vulnerability Publication Date: 2014/09/26

Reference Information

CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-7540

BID: 79729, 79731, 79732, 79733, 79736