Detections
Analytics
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)
high Nessus Plugin ID 90532
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709).These security issues were fixed :
- CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).
- CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).
- CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).
- CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033).
- CVE-2016-2113: TLS certificate validation were missing (bsc#973034).
- CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).
- CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).
Also the following fixes were done :
- Upgrade on-disk FSRVP server state to new version;
(bsc#924519).
- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).
- Align fsrvp feature sources with upstream version.
- Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel;
(bsc#973832).
- s3:utils/smbget: Fix recursive download; (bso#6482).
- s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).
- docs: Add example for domain logins to smbspool man page; (bso#11643).
- s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
- loadparm: Fix memory leak issue; (bso#11708).
- lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
- ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).
- s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).
- param: Fix str_list_v3 to accept ';' again; (bso#11732).
- Real memeory leak(buildup) issue in loadparm;
(bso#11740).
- Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (bsc#972197).
- Getting and setting Windows ACLs on symlinks can change permissions on link
- Only obsolete but do not provide gplv2/3 package names;
(bsc#968973).
- Enable clustering (CTDB) support; (bsc#966271).
- s3: smbd: Fix timestamp rounding inside SMB2 create;
(bso#11703); (bsc#964023).
- vfs_fruit: Fix renaming directories with open files;
(bso#11065).
- Fix MacOS finder error 36 when copying folder to Samba;
(bso#11347).
- s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).
- Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix;
(bso#11466).
- s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections;
(bso#11624).
- Reduce the memory footprint of empty string options;
(bso#11625).
- lib/async_req: Do not install async_connect_send_test;
(bso#11639).
- docs: Fix typos in man vfs_gpfs; (bso#11641).
- smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).
- smbcacls: Fix uninitialized variable; (bso#11682).
- s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).
- Changing log level of two entries to from 1 to 3;
(bso#9912).
- vfs_gpfs: Re-enable share modes; (bso#11243).
- wafsamba: Also build libraries with RELRO protection;
(bso#11346).
- ctdb: Strip trailing spaces from nodes file;
(bso#11365).
- s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero; (bso#11452).
- nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).
- async_req: Fix non-blocking connect(); (bso#11564).
- auth: gensec: Fix a memory leak; (bso#11565).
- lib: util: Make non-critical message a warning;
(bso#11566).
- Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).
- smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
- ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
- manpage: Correct small typo error; (bso#11584).
- s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).
- Backport some valgrind fixes from upstream master;
(bso#11597).
- s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).
- docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12 :
zypper in -t patch SUSE-SLE-SDK-12-2016-605=1
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2016-605=1
SUSE Linux Enterprise High Availability 12 :
zypper in -t patch SUSE-SLE-HA-12-2016-605=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1
To bring your system up-to-date, use 'zypper patch'.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=320709
https://bugzilla.suse.com/show_bug.cgi?id=913547
https://bugzilla.suse.com/show_bug.cgi?id=919309
https://bugzilla.suse.com/show_bug.cgi?id=924519
https://bugzilla.suse.com/show_bug.cgi?id=936862
https://bugzilla.suse.com/show_bug.cgi?id=942716
https://bugzilla.suse.com/show_bug.cgi?id=946051
https://bugzilla.suse.com/show_bug.cgi?id=949022
https://bugzilla.suse.com/show_bug.cgi?id=964023
https://bugzilla.suse.com/show_bug.cgi?id=966271
https://bugzilla.suse.com/show_bug.cgi?id=968973
https://bugzilla.suse.com/show_bug.cgi?id=971965
https://bugzilla.suse.com/show_bug.cgi?id=972197
https://bugzilla.suse.com/show_bug.cgi?id=973031
https://bugzilla.suse.com/show_bug.cgi?id=973032
https://bugzilla.suse.com/show_bug.cgi?id=973033
https://bugzilla.suse.com/show_bug.cgi?id=973034
https://bugzilla.suse.com/show_bug.cgi?id=973036
https://bugzilla.suse.com/show_bug.cgi?id=973832
https://bugzilla.suse.com/show_bug.cgi?id=974629
https://www.suse.com/security/cve/CVE-2015-5370/
https://www.suse.com/security/cve/CVE-2016-2110/
https://www.suse.com/security/cve/CVE-2016-2111/
https://www.suse.com/security/cve/CVE-2016-2112/
https://www.suse.com/security/cve/CVE-2016-2113/
https://www.suse.com/security/cve/CVE-2016-2115/
Plugin Details
Severity: High
ID: 90532
File Name: suse_SU-2016-1022-1.nasl
Version: 2.15
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 4/15/2016
Updated: 1/6/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libdcerpc-binding0, p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo, p-cpe:/a:novell:suse_linux:libdcerpc0, p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo, p-cpe:/a:novell:suse_linux:libgensec0, p-cpe:/a:novell:suse_linux:libgensec0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-krb5pac0, p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo, p-cpe:/a:novell:suse_linux:libndr-nbt0, p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo, p-cpe:/a:novell:suse_linux:libtevent-util0, p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo, p-cpe:/a:novell:suse_linux:libwbclient0, p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo, p-cpe:/a:novell:suse_linux:samba, p-cpe:/a:novell:suse_linux:samba-client, p-cpe:/a:novell:suse_linux:samba-client-debuginfo, p-cpe:/a:novell:suse_linux:samba-debuginfo, p-cpe:/a:novell:suse_linux:samba-debugsource, p-cpe:/a:novell:suse_linux:samba-libs, p-cpe:/a:novell:suse_linux:samba-libs-debuginfo, p-cpe:/a:novell:suse_linux:samba-winbind, p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:libndr-standard0, p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo, p-cpe:/a:novell:suse_linux:libndr0, p-cpe:/a:novell:suse_linux:libndr0-debuginfo, p-cpe:/a:novell:suse_linux:libnetapi0, p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo, p-cpe:/a:novell:suse_linux:libregistry0, p-cpe:/a:novell:suse_linux:libregistry0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-credentials0, p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0, p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-passdb0, p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsamba-util0, p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo, p-cpe:/a:novell:suse_linux:libsamdb0, p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient-raw0, p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbclient0, p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbconf0, p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo, p-cpe:/a:novell:suse_linux:libsmbldap0, p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 4/12/2016
Vulnerability Publication Date: 4/12/2016
Reference Information
CVE: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2115, CVE-2016-2118