Detections
Analytics

Debian DSA-3740-1 : samba - security update

high Nessus Plugin ID 95936

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues :

 - CVE-2016-2119 Stefan Metzmacher discovered that client-side SMB2/3 required signing can be downgraded, allowing a man-in-the-middle attacker to impersonate a server being connected to by Samba, and return malicious results.

 - CVE-2016-2123 Trend Micro's Zero Day Initiative and Frederic Besler discovered that the routine ndr_pull_dnsp_name, used to parse data from the Samba Active Directory ldb database, contains an integer overflow flaw, leading to an attacker-controlled memory overwrite. An authenticated user can take advantage of this flaw for remote privilege escalation.

 - CVE-2016-2125 Simo Sorce of Red Hat discovered that the Samba client code always requests a forwardable ticket when using Kerberos authentication. A target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos 'Ticket Granting Ticket' (TGT), which can be used to fully impersonate the authenticated user or service.

 - CVE-2016-2126 Volker Lendecke discovered several flaws in the Kerberos PAC validation. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.

Solution

Upgrade the samba packages.

For the stable distribution (jessie), these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u2. In addition, this update contains several changes originally targeted for the upcoming jessie point release.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830195

https://security-tracker.debian.org/tracker/CVE-2016-2119

https://security-tracker.debian.org/tracker/CVE-2016-2123

https://security-tracker.debian.org/tracker/CVE-2016-2125

https://security-tracker.debian.org/tracker/CVE-2016-2126

https://packages.debian.org/source/jessie/samba

https://www.debian.org/security/2016/dsa-3740

Plugin Details

Severity: High

ID: 95936

File Name: debian_DSA-3740.nasl

Version: 3.11

Type: local

Agent: unix

Published: 12/20/2016

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:samba, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/19/2016

Vulnerability Publication Date: 7/7/2016

Reference Information

CVE: CVE-2016-2119, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126

DSA: 3740