Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Ubuntu: 3158-1 Moderate: Samba Security Issues and Risks

ubuntu
Calendar Grey December 19, 2016
Scroller Ubuntu
Strengthen your Ubuntu systems' security by applying the latest Samba updates to reduce unauthorized admin access and defend against Denial of Service threats
Several security issues were fixed in Samba.

Summary

Several security issues were fixed in Samba.

Software Description:

- samba: SMB/CIFS file, print, and login server for Unix

Details:

Frederic Besler and others discovered that the ndr_pull_dnsp_nam

function in Samba contained an integer overflow. An authenticated

attacker could use this to gain administrative privileges. This issue

only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10.

(CVE-2016-2123)

Simo Sorce discovered that that Samba clients always requested

a forwardable ticket when using Kerberos authentication. An

attacker could use this to impersonate an authenticated user or

service. (CVE-2016-2125)

Volker Lendecke discovered that Kerberos PAC validation implementation

in Samba contained multiple vulnerabilities. An authenticated attacker

could use this to cause a denial of service or gain administrative

privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04

LTS, and Ubuntu 16.10. (CVE-2016-2126)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  libsmbclient                    2:4.4.5+dfsg-2ubuntu5.2
  samba                           2:4.4.5+dfsg-2ubuntu5.2
  winbind                         2:4.4.5+dfsg-2ubuntu5.2

Ubuntu 16.04 LTS:
  libsmbclient                    2:4.3.11+dfsg-0ubuntu0.16.04.3
  samba                           2:4.3.11+dfsg-0ubuntu0.16.04.3
  winbind                         2:4.3.11+dfsg-0ubuntu0.16.04.3

Ubuntu 14.04 LTS:
  libsmbclient                    2:4.3.11+dfsg-0ubuntu0.14.04.4
  samba                           2:4.3.11+dfsg-0ubuntu0.14.04.4
  winbind                         2:4.3.11+dfsg-0ubuntu0.14.04.4

Ubuntu 12.04 LTS:
  libsmbclient                    2:3.6.25-0ubuntu0.12.04.5
  samba                           2:3.6.25-0ubuntu0.12.04.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3158-1

CVE-2016-2123, CVE-2016-2125, CVE-2016-2126

Severity
important
Lowest
Low
Medium
High
Critical

December 19, 2016

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.