Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 12 Apr 2016 21:46:36 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Critical: samba on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20160412214636.29619.90446@slpackages.fnal.gov> Synopsis: Critical: samba security update Advisory ID: SLSA-2016:0611-1 Issue Date: 2016-04-12 CVE Numbers: CVE-2016-2111 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118 CVE-2015-5370 -- Security Fix(es): * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Scientific Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) * It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115) -- SL6 x86_64 libsmbclient-3.6.23-30.el6_7.i686.rpm libsmbclient-3.6.23-30.el6_7.x86_64.rpm samba-client-3.6.23-30.el6_7.x86_64.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.x86_64.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.x86_64.rpm samba-winbind-3.6.23-30.el6_7.x86_64.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.x86_64.rpm libsmbclient-devel-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.x86_64.rpm samba-3.6.23-30.el6_7.x86_64.rpm samba-doc-3.6.23-30.el6_7.x86_64.rpm samba-domainjoin-gui-3.6.23-30.el6_7.x86_64.rpm samba-glusterfs-3.6.23-30.el6_7.x86_64.rpm samba-swat-3.6.23-30.el6_7.x86_64.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.x86_64.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.x86_64.rpm i386 libsmbclient-3.6.23-30.el6_7.i686.rpm samba-client-3.6.23-30.el6_7.i686.rpm samba-common-3.6.23-30.el6_7.i686.rpm samba-debuginfo-3.6.23-30.el6_7.i686.rpm samba-winbind-3.6.23-30.el6_7.i686.rpm samba-winbind-clients-3.6.23-30.el6_7.i686.rpm libsmbclient-devel-3.6.23-30.el6_7.i686.rpm samba-3.6.23-30.el6_7.i686.rpm samba-doc-3.6.23-30.el6_7.i686.rpm samba-domainjoin-gui-3.6.23-30.el6_7.i686.rpm samba-swat-3.6.23-30.el6_7.i686.rpm samba-winbind-devel-3.6.23-30.el6_7.i686.rpm samba-winbind-krb5-locator-3.6.23-30.el6_7.i686.rpm - Scientific Linux Development Team