Debian DSA-5071-1 : samba - security update

high Nessus Plugin ID 157908

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5071 advisory.

- The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

- A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)

- The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the samba packages.

For the stable distribution (bullseye), these problems have been fixed in version 2

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001068

https://security-tracker.debian.org/tracker/source-package/samba

https://www.debian.org/security/2022/dsa-5071

https://security-tracker.debian.org/tracker/CVE-2020-25717

https://security-tracker.debian.org/tracker/CVE-2021-44142

https://security-tracker.debian.org/tracker/CVE-2022-0336

https://packages.debian.org/source/buster/samba

https://packages.debian.org/source/bullseye/samba

Plugin Details

Severity: High

ID: 157908

File Name: debian_DSA-5071.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2/11/2022

Updated: 3/21/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-44142

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-0336

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libpam-winbind, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libparse-pidl-perl, p-cpe:/a:debian:debian_linux:python-samba, p-cpe:/a:debian:debian_linux:samba-dsdb-modules, p-cpe:/a:debian:debian_linux:python3-samba, p-cpe:/a:debian:debian_linux:ctdb, p-cpe:/a:debian:debian_linux:smbclient, p-cpe:/a:debian:debian_linux:winbind, p-cpe:/a:debian:debian_linux:libsmbclient, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:samba-dev, p-cpe:/a:debian:debian_linux:samba-libs, p-cpe:/a:debian:debian_linux:samba, p-cpe:/a:debian:debian_linux:registry-tools, p-cpe:/a:debian:debian_linux:samba-common-bin, p-cpe:/a:debian:debian_linux:libwbclient-dev, p-cpe:/a:debian:debian_linux:samba-vfs-modules, p-cpe:/a:debian:debian_linux:samba-testsuite, p-cpe:/a:debian:debian_linux:libwbclient0, p-cpe:/a:debian:debian_linux:libsmbclient-dev, p-cpe:/a:debian:debian_linux:libnss-winbind, p-cpe:/a:debian:debian_linux:samba-common

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/11/2022

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2020-25717, CVE-2021-44142, CVE-2022-0336

IAVA: 2022-A-0054-S