| Summary: | samba new security issues CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115 and CVE-2016-2118 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | marja11, nicolas.salguero, pkg-bugs, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/683716/ | ||
| Whiteboard: | has_procedure advisory mga5-32-ok mga5-64-ok | ||
| Source RPM: | samba-3.6.25-2.2.mga5.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | Missing part of CVE-preparation-v3-6.patch | ||
Description
David Walser
2016-04-12 22:30:36 CEST
We could also potentially get patches from RedHat (RHEL6):
https://rhn.redhat.com/errata/RHSA-2016-0611.html

or Debian (Wheezy):
https://www.debian.org/security/2016/dsa-3548

URL: (none) => http://lwn.net/Vulnerabilities/683716/

Assigning to maintainer, but CC'ing all packagers collectively, since the maintainer seems a bit MIA'ish

CC: (none) => marja11, pkg-bugs

Ubuntu has issued an advisory for this today (April 18):
http://www.ubuntu.com/usn/usn-2950-1/

Backporting these patches was coordinated among vendors and the patches for 3.6.x are available from upstream:
https://www.samba.org/samba/history/security.html

Patches added, using the Ubuntu version of the CVE-preparation patch.

Unfortunately it doesn't build, because of the error:
error: 'struct pipes_struct' has no member named 'rng_fault_state'

http://pkgsubmit.mageia.org/uploads/failure/5/core/updates_testing/20160418212451.luigiwalser.duvel.38138/log/samba-3.6.25-2.3.mga5/build.0.20160418212529.log

Advisory saved for later below.

Advisory:
========================

Updated samba packages fix security vulnerability:

Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code (CVE-2015-5370).

Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack (CVE-2016-2110).

Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information (CVE-2016-2111).

Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack (CVE-2016-2112).

Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack (CVE-2016-2115).

Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock (CVE-2016-2118).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118
https://www.samba.org/samba/security/CVE-2015-5370.html
https://www.samba.org/samba/security/CVE-2016-2110.html
https://www.samba.org/samba/security/CVE-2016-2111.html
https://www.samba.org/samba/security/CVE-2016-2112.html
https://www.samba.org/samba/security/CVE-2016-2115.html
https://www.samba.org/samba/security/CVE-2016-2118.html
http://www.ubuntu.com/usn/usn-2950-1/
========================

Updated packages in core/updates_testing:
========================
samba-server-3.6.25-2.3.mga5
samba-client-3.6.25-2.3.mga5
samba-common-3.6.25-2.3.mga5
samba-doc-3.6.25-2.3.mga5
samba-swat-3.6.25-2.3.mga5
samba-winbind-3.6.25-2.3.mga5
nss_wins-3.6.25-2.3.mga5
libsmbclient0-3.6.25-2.3.mga5
libsmbclient0-devel-3.6.25-2.3.mga5
libsmbclient0-static-devel-3.6.25-2.3.mga5
libnetapi0-3.6.25-2.3.mga5
libnetapi-devel-3.6.25-2.3.mga5
libsmbsharemodes0-3.6.25-2.3.mga5
libsmbsharemodes-devel-3.6.25-2.3.mga5
libwbclient0-3.6.25-2.3.mga5
libwbclient-devel-3.6.25-2.3.mga5
samba-virusfilter-clamav-3.6.25-2.3.mga5
samba-virusfilter-fsecure-3.6.25-2.3.mga5
samba-virusfilter-sophos-3.6.25-2.3.mga5
samba-domainjoin-gui-3.6.25-2.3.mga5

from samba-3.6.25-2.3.mga5.src.rpm

Severity: critical => major

Created attachment 7688
Missing part of CVE-preparation-v3-6.patch
Hi,
When reading CVE-preparation-v3-6.patch, I saw that "if (p->rng_fault_state)" is replaced by "if (p->fault_state)" in the other places.
Best regards,
Nico.

CC: (none) => nicolas.salguero

In fact, all the files in samba-3.6.25/source3/librpc/gen_ndr/ that contain "rng_fault_state" were omitted in CVE-preparation-v3-6.patch. I added the missing parts in CVE-preparation-v3-6.patch and, now, the build is successful.

For the advisory and the list of RPMs, see comment 4.

Status: NEW => ASSIGNED

On two mga5-64 systems, I updated samba. The following packages were installed:
- lib64smbclient0-3.6.25-2.3.mga5.x86_64
- lib64wbclient0-3.6.25-2.3.mga5.x86_64
- nss_wins-3.6.25-2.3.mga5.x86_64
- samba-client-3.6.25-2.3.mga5.x86_64
- samba-common-3.6.25-2.3.mga5.x86_64
- samba-server-3.6.25-2.3.mga5.x86_64

I can access a folder shared between these two systems using smbclient and can mount, read and write to a shared folder. I have no Windows systems to test with and I don't use samba for printing. Subject to the limitations of my testing the update looks OK for mga5-64.

I also updated samba on one mga5-32 system. The following packages were installed:
- libsmbclient0-3.6.25-2.3.mga5.i586
- libwbclient0-3.6.25-2.3.mga5.i586
- nss_wins-3.6.25-2.3.mga5.i586
- samba-client-3.6.25-2.3.mga5.i586
- samba-common-3.6.25-2.3.mga5.i586
- samba-server-3.6.25-2.3.mga5.i586

I can access a folder shared between this system and a mga5-64 system using smbclient and can mount, read and write to a shared folder. Again subject to the limitations of my testing the update looks OK for mga5-32.

Thanks Jim. Adding the OK's and Validating.

Whiteboard: (none) => has_procedure mga5-32-ok mga5-64-ok

Actually validating. Advisory uploaded.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0151.html

Status: ASSIGNED => RESOLVED

I installed the Samba update from updates_testing on my mgav5 x86-64 laptop and was able to access a remote share using the SMB kernel module and to host /tmp and read from it from both the local laptop and from my mgav6-64 machine. So this update looks good.
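
The build failure discussed earlier in this report came from a backported patch that renamed `rng_fault_state` to `fault_state` but skipped the files under `source3/librpc/gen_ndr/`. The following is an added example, not part of the bug report or of the Samba or Mageia tooling, of a pre-build check that lists source files still using the old name that the patch never touches; the function names, the sample patch and the sample file names are constructed for illustration.

```python
import pathlib
import re
import tempfile

# Constructed rename patch: it fixes one caller and skips the generated file.
SAMPLE_PATCH = """\
--- a/source3/rpc_server/srv_example.c
+++ b/source3/rpc_server/srv_example.c
@@ -1 +1 @@
-if (p->rng_fault_state) {
+if (p->fault_state) {
"""
SAMPLE_TREE = {  # constructed pre-patch files (names are hypothetical)
    "source3/rpc_server/srv_example.c": "if (p->rng_fault_state) {\n",
    "source3/librpc/gen_ndr/srv_example_gen.c": "if (p->rng_fault_state) {\n",
    "source3/lib/unrelated.c": "int other_rng_fault_state_count;\n",
}

def files_touched_by_patch(patch_text, strip=1):
    """Paths a unified diff modifies, minus `strip` leading components (patch -pN)."""
    touched = set()
    for line in patch_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].split("\t")[0].strip()  # drop an optional timestamp
            if path != "/dev/null":
                touched.add("/".join(path.split("/")[strip:]))
    return touched

def stale_references(tree, patch_text, old_name, strip=1):
    """Files under `tree` that use `old_name` as a whole word but are not in the patch."""
    touched = files_touched_by_patch(patch_text, strip)
    word = re.compile(r"\b%s\b" % re.escape(old_name))
    stale = []
    for path in pathlib.Path(tree).rglob("*"):
        if path.is_file():
            rel = path.relative_to(tree).as_posix()
            if rel not in touched and word.search(path.read_text(errors="replace")):
                stale.append(rel)
    return sorted(stale)

def demo():
    """Write the constructed tree to a temp dir and list the files the patch missed."""
    with tempfile.TemporaryDirectory() as tree:
        for rel, text in SAMPLE_TREE.items():
            target = pathlib.Path(tree, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return stale_references(tree, SAMPLE_PATCH, "rng_fault_state")
```

A file the patch touches but only partly converts is not flagged by this check; running `stale_references` with an empty patch text on the already patched tree lists every remaining use instead.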