FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
3.6.0 <= samba36 <= 3.6.25_3
4.0.0 <= samba4 <= 4.0.26
4.1.0 <= samba41 <= 4.1.23
4.2.0 <= samba42 < 4.2.11
4.3.0 <= samba43 < 4.3.8
4.4.0 <= samba44 < 4.4.2

Details

VuXML ID a636fc26-00d9-11e6-b704-000c292e4fd8
Discovery 2016-04-12
Entry 2016-04-12
Modified 2016-04-12

Samba team reports:

[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.

[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.

[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.

[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).

[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.

[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection.

[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.

References

CVE Name CVE-2015-5370
CVE Name CVE-2016-2110
CVE Name CVE-2016-2111
CVE Name CVE-2016-2112
CVE Name CVE-2016-2113
CVE Name CVE-2016-2114
CVE Name CVE-2016-2115
CVE Name CVE-2016-2118
URL https://www.samba.org/samba/security/CVE-2015-5370.html
URL https://www.samba.org/samba/security/CVE-2016-2110.html
URL https://www.samba.org/samba/security/CVE-2016-2111.html
URL https://www.samba.org/samba/security/CVE-2016-2112.html
URL https://www.samba.org/samba/security/CVE-2016-2113.html
URL https://www.samba.org/samba/security/CVE-2016-2114.html
URL https://www.samba.org/samba/security/CVE-2016-2115.html
URL https://www.samba.org/samba/security/CVE-2016-2118.html