Security update for samba
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:1107-1
Final
1
1
2016-04-20T06:12:18Z
current
2016-04-20T06:12:18Z
2016-04-20T06:12:18Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for samba
This update fixes these security vulnerabilities:
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2114: 'server signing = mandatory' not enforced (bsc#973035).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).
The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions
are no longer supported by upstream. As a side effect, libpdb0 package
was replaced by libsamba-passdb0.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
E-Mail link for openSUSE-SU-2016:1107-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
ctdb-4.2.4-3.54.2
ctdb-devel-4.2.4-3.54.2
ctdb-pcp-pmda-4.2.4-3.54.2
ctdb-tests-4.2.4-3.54.2
libdcerpc-atsvc-devel-4.2.4-3.54.2
libdcerpc-atsvc0-4.2.4-3.54.2
libdcerpc-atsvc0-32bit-4.2.4-3.54.2
libdcerpc-binding0-4.2.4-3.54.2
libdcerpc-binding0-32bit-4.2.4-3.54.2
libdcerpc-devel-4.2.4-3.54.2
libdcerpc-samr-devel-4.2.4-3.54.2
libdcerpc-samr0-4.2.4-3.54.2
libdcerpc-samr0-32bit-4.2.4-3.54.2
libdcerpc0-4.2.4-3.54.2
libdcerpc0-32bit-4.2.4-3.54.2
libgensec-devel-4.2.4-3.54.2
libgensec0-4.2.4-3.54.2
libgensec0-32bit-4.2.4-3.54.2
libndr-devel-4.2.4-3.54.2
libndr-krb5pac-devel-4.2.4-3.54.2
libndr-krb5pac0-4.2.4-3.54.2
libndr-krb5pac0-32bit-4.2.4-3.54.2
libndr-nbt-devel-4.2.4-3.54.2
libndr-nbt0-4.2.4-3.54.2
libndr-nbt0-32bit-4.2.4-3.54.2
libndr-standard-devel-4.2.4-3.54.2
libndr-standard0-4.2.4-3.54.2
libndr-standard0-32bit-4.2.4-3.54.2
libndr0-4.2.4-3.54.2
libndr0-32bit-4.2.4-3.54.2
libnetapi-devel-4.2.4-3.54.2
libnetapi0-4.2.4-3.54.2
libnetapi0-32bit-4.2.4-3.54.2
libregistry-devel-4.2.4-3.54.2
libregistry0-4.2.4-3.54.2
libregistry0-32bit-4.2.4-3.54.2
libsamba-credentials-devel-4.2.4-3.54.2
libsamba-credentials0-4.2.4-3.54.2
libsamba-credentials0-32bit-4.2.4-3.54.2
libsamba-hostconfig-devel-4.2.4-3.54.2
libsamba-hostconfig0-4.2.4-3.54.2
libsamba-hostconfig0-32bit-4.2.4-3.54.2
libsamba-passdb-devel-4.2.4-3.54.2
libsamba-passdb0-4.2.4-3.54.2
libsamba-passdb0-32bit-4.2.4-3.54.2
libsamba-policy-devel-4.2.4-3.54.2
libsamba-policy0-4.2.4-3.54.2
libsamba-policy0-32bit-4.2.4-3.54.2
libsamba-util-devel-4.2.4-3.54.2
libsamba-util0-4.2.4-3.54.2
libsamba-util0-32bit-4.2.4-3.54.2
libsamdb-devel-4.2.4-3.54.2
libsamdb0-4.2.4-3.54.2
libsamdb0-32bit-4.2.4-3.54.2
libsmbclient-devel-4.2.4-3.54.2
libsmbclient-raw-devel-4.2.4-3.54.2
libsmbclient-raw0-4.2.4-3.54.2
libsmbclient-raw0-32bit-4.2.4-3.54.2
libsmbclient0-4.2.4-3.54.2
libsmbclient0-32bit-4.2.4-3.54.2
libsmbconf-devel-4.2.4-3.54.2
libsmbconf0-4.2.4-3.54.2
libsmbconf0-32bit-4.2.4-3.54.2
libsmbldap-devel-4.2.4-3.54.2
libsmbldap0-4.2.4-3.54.2
libsmbldap0-32bit-4.2.4-3.54.2
libtevent-util-devel-4.2.4-3.54.2
libtevent-util0-4.2.4-3.54.2
libtevent-util0-32bit-4.2.4-3.54.2
libwbclient-devel-4.2.4-3.54.2
libwbclient0-4.2.4-3.54.2
libwbclient0-32bit-4.2.4-3.54.2
samba-4.2.4-3.54.2
samba-32bit-4.2.4-3.54.2
samba-client-4.2.4-3.54.2
samba-client-32bit-4.2.4-3.54.2
samba-core-devel-4.2.4-3.54.2
samba-doc-4.2.4-3.54.2
samba-libs-4.2.4-3.54.2
samba-libs-32bit-4.2.4-3.54.2
samba-pidl-4.2.4-3.54.2
samba-python-4.2.4-3.54.2
samba-test-4.2.4-3.54.2
samba-test-devel-4.2.4-3.54.2
samba-winbind-4.2.4-3.54.2
samba-winbind-32bit-4.2.4-3.54.2
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
CVE-2012-6150
low
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2012-6150.html
CVE-2012-6150
https://bugzilla.suse.com/844720
SUSE Bug 844720
https://bugzilla.suse.com/853347
SUSE Bug 853347
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
CVE-2013-4408
important
6.8
AV:A/AC:H/Au:N/C:C/I:C/A:C
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2013-4408.html
CVE-2013-4408
https://bugzilla.suse.com/844720
SUSE Bug 844720
https://bugzilla.suse.com/848101
SUSE Bug 848101
https://bugzilla.suse.com/882906
SUSE Bug 882906
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
CVE-2013-4496
moderate
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2013-4496.html
CVE-2013-4496
https://bugzilla.suse.com/849224
SUSE Bug 849224
https://bugzilla.suse.com/866844
SUSE Bug 866844
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
CVE-2015-0240
important
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-0240.html
CVE-2015-0240
https://bugzilla.suse.com/917376
SUSE Bug 917376
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
CVE-2015-5252
moderate
6.8
AV:N/AC:L/Au:S/C:C/I:N/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-5252.html
CVE-2015-5252
https://bugzilla.suse.com/958582
SUSE Bug 958582
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.
CVE-2015-5296
moderate
3.2
AV:A/AC:H/Au:N/C:P/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-5296.html
CVE-2015-5296
https://bugzilla.suse.com/1058622
SUSE Bug 1058622
https://bugzilla.suse.com/958584
SUSE Bug 958584
https://bugzilla.suse.com/973031
SUSE Bug 973031
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
CVE-2015-5299
moderate
3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-5299.html
CVE-2015-5299
https://bugzilla.suse.com/958583
SUSE Bug 958583
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.
CVE-2015-5330
moderate
4
AV:N/AC:L/Au:S/C:P/I:N/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-5330.html
CVE-2015-5330
https://bugzilla.suse.com/958581
SUSE Bug 958581
https://bugzilla.suse.com/958586
SUSE Bug 958586
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
CVE-2015-5370
important
8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-5370.html
CVE-2015-5370
https://bugzilla.suse.com/936862
SUSE Bug 936862
https://bugzilla.suse.com/975276
SUSE Bug 975276
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
CVE-2015-7560
moderate
4.9
AV:A/AC:M/Au:S/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2015-7560.html
CVE-2015-7560
https://bugzilla.suse.com/968222
SUSE Bug 968222
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
CVE-2016-2110
moderate
5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2110.html
CVE-2016-2110
https://bugzilla.suse.com/1009711
SUSE Bug 1009711
https://bugzilla.suse.com/973031
SUSE Bug 973031
https://bugzilla.suse.com/973033
SUSE Bug 973033
https://bugzilla.suse.com/973036
SUSE Bug 973036
https://bugzilla.suse.com/975276
SUSE Bug 975276
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.
CVE-2016-2111
moderate
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2111.html
CVE-2016-2111
https://bugzilla.suse.com/973032
SUSE Bug 973032
https://bugzilla.suse.com/975276
SUSE Bug 975276
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.
CVE-2016-2112
moderate
4.3
AV:A/AC:M/Au:N/C:P/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2112.html
CVE-2016-2112
https://bugzilla.suse.com/973031
SUSE Bug 973031
https://bugzilla.suse.com/973033
SUSE Bug 973033
https://bugzilla.suse.com/975276
SUSE Bug 975276
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.
CVE-2016-2113
moderate
4.3
AV:A/AC:M/Au:N/C:P/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2113.html
CVE-2016-2113
https://bugzilla.suse.com/973031
SUSE Bug 973031
https://bugzilla.suse.com/973033
SUSE Bug 973033
https://bugzilla.suse.com/973034
SUSE Bug 973034
https://bugzilla.suse.com/975276
SUSE Bug 975276
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
CVE-2016-2114
moderate
5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2114.html
CVE-2016-2114
https://bugzilla.suse.com/973035
SUSE Bug 973035
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
CVE-2016-2115
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2115.html
CVE-2016-2115
https://bugzilla.suse.com/973036
SUSE Bug 973036
https://bugzilla.suse.com/975276
SUSE Bug 975276
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
CVE-2016-2118
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.suse.com/security/cve/CVE-2016-2118.html
CVE-2016-2118
https://bugzilla.suse.com/971965
SUSE Bug 971965
https://bugzilla.suse.com/975276
SUSE Bug 975276