Описание
Security update for samba
samba was updated to fix seven security issues.
These security issues were fixed:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).
These non-security issues were fixed:
- bsc#974629: Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call.
- bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel.
- bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it.
- Getting and setting Windows ACLs on symlinks can change permissions on link
- bsc#924519: Upgrade on-disk FSRVP server state to new version.
- bsc#968973: Only obsolete but do not provide gplv2/3 package names.
- bso#6482: s3:utils/smbget: Fix recursive download.
- bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
- bso#11643: docs: Add example for domain logins to smbspool man page.
- bso#11690: s3-client: Add a KRB5 wrapper for smbspool.
- bso#11708: loadparm: Fix memory leak issue.
- bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.
- bso#11719: ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'.
- bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
- bso#11732: param: Fix str_list_v3 to accept ';' again.
- bso#11740: Real memeory leak(buildup) issue in loadparm.
This update was imported from the SUSE:SLE-12-SP1:Update update project.
Список пакетов
openSUSE Leap 42.1
Ссылки
- E-Mail link for openSUSE-SU-2016:1025-1
- SUSE Security Ratings
Описание
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
Затронутые продукты
Ссылки
- CVE-2015-5370
- SUSE Bug 936862
- SUSE Bug 975276
Описание
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
Затронутые продукты
Ссылки
- CVE-2016-2110
- SUSE Bug 1009711
- SUSE Bug 973031
- SUSE Bug 973033
- SUSE Bug 973036
- SUSE Bug 975276
Описание
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
Затронутые продукты
Ссылки
- CVE-2016-2111
- SUSE Bug 973032
- SUSE Bug 975276
Описание
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
Затронутые продукты
Ссылки
- CVE-2016-2112
- SUSE Bug 973031
- SUSE Bug 973033
- SUSE Bug 975276
Описание
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
Затронутые продукты
Ссылки
- CVE-2016-2113
- SUSE Bug 973031
- SUSE Bug 973033
- SUSE Bug 973034
- SUSE Bug 975276
Описание
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
Затронутые продукты
Ссылки
- CVE-2016-2115
- SUSE Bug 973036
- SUSE Bug 975276
Описание
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
Затронутые продукты
Ссылки
- CVE-2016-2118
- SUSE Bug 971965
- SUSE Bug 975276