Lucene search

AmazonALAS-2016-634

HistoryJan 18, 2016 - 11:00 a.m.

Medium: samba

2016-01-1811:00:00

alas.aws.amazon.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.014 Low

EPSS

Percentile

86.4%

JSON

Issue Overview:

A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.

An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba’s share path.

A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server.

A man-in-the-middle vulnerability was found in the way “connection signing” was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text.

Affected Packages:

samba

Issue Correction:
Run yum update samba to update your system.

New Packages:

i686:  
    samba-devel-4.2.3-11.28.amzn1.i686  
    libsmbclient-devel-4.2.3-11.28.amzn1.i686  
    samba-winbind-modules-4.2.3-11.28.amzn1.i686  
    ctdb-tests-4.2.3-11.28.amzn1.i686  
    samba-client-4.2.3-11.28.amzn1.i686  
    samba-debuginfo-4.2.3-11.28.amzn1.i686  
    samba-libs-4.2.3-11.28.amzn1.i686  
    samba-winbind-4.2.3-11.28.amzn1.i686  
    samba-test-4.2.3-11.28.amzn1.i686  
    samba-client-libs-4.2.3-11.28.amzn1.i686  
    samba-common-libs-4.2.3-11.28.amzn1.i686  
    libwbclient-devel-4.2.3-11.28.amzn1.i686  
    ctdb-4.2.3-11.28.amzn1.i686  
    samba-test-libs-4.2.3-11.28.amzn1.i686  
    samba-test-devel-4.2.3-11.28.amzn1.i686  
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686  
    samba-4.2.3-11.28.amzn1.i686  
    samba-common-tools-4.2.3-11.28.amzn1.i686  
    samba-winbind-clients-4.2.3-11.28.amzn1.i686  
    libsmbclient-4.2.3-11.28.amzn1.i686  
    samba-python-4.2.3-11.28.amzn1.i686  
    libwbclient-4.2.3-11.28.amzn1.i686  
    ctdb-devel-4.2.3-11.28.amzn1.i686  
  
noarch:  
    samba-pidl-4.2.3-11.28.amzn1.noarch  
    samba-common-4.2.3-11.28.amzn1.noarch  
  
src:  
    samba-4.2.3-11.28.amzn1.src  
  
x86_64:  
    samba-libs-4.2.3-11.28.amzn1.x86_64  
    libsmbclient-4.2.3-11.28.amzn1.x86_64  
    samba-winbind-4.2.3-11.28.amzn1.x86_64  
    samba-test-libs-4.2.3-11.28.amzn1.x86_64  
    samba-common-libs-4.2.3-11.28.amzn1.x86_64  
    samba-4.2.3-11.28.amzn1.x86_64  
    samba-debuginfo-4.2.3-11.28.amzn1.x86_64  
    samba-devel-4.2.3-11.28.amzn1.x86_64  
    ctdb-devel-4.2.3-11.28.amzn1.x86_64  
    samba-winbind-modules-4.2.3-11.28.amzn1.x86_64  
    samba-client-4.2.3-11.28.amzn1.x86_64  
    ctdb-tests-4.2.3-11.28.amzn1.x86_64  
    samba-common-tools-4.2.3-11.28.amzn1.x86_64  
    ctdb-4.2.3-11.28.amzn1.x86_64  
    samba-python-4.2.3-11.28.amzn1.x86_64  
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64  
    samba-test-devel-4.2.3-11.28.amzn1.x86_64  
    samba-winbind-clients-4.2.3-11.28.amzn1.x86_64  
    samba-client-libs-4.2.3-11.28.amzn1.x86_64  
    libsmbclient-devel-4.2.3-11.28.amzn1.x86_64  
    samba-test-4.2.3-11.28.amzn1.x86_64  
    libwbclient-devel-4.2.3-11.28.amzn1.x86_64  
    libwbclient-4.2.3-11.28.amzn1.x86_64

Additional References

Red Hat: CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330

Mitre: CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686samba-devel< 4.2.3-11.28.amzn1samba-devel-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686libsmbclient-devel< 4.2.3-11.28.amzn1libsmbclient-devel-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-winbind-modules< 4.2.3-11.28.amzn1samba-winbind-modules-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686ctdb-tests< 4.2.3-11.28.amzn1ctdb-tests-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-client< 4.2.3-11.28.amzn1samba-client-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-debuginfo< 4.2.3-11.28.amzn1samba-debuginfo-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-libs< 4.2.3-11.28.amzn1samba-libs-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-winbind< 4.2.3-11.28.amzn1samba-winbind-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-test< 4.2.3-11.28.amzn1samba-test-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux1i686samba-client-libs< 4.2.3-11.28.amzn1samba-client-libs-4.2.3-11.28.amzn1.i686.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	samba-devel	< 4.2.3-11.28.amzn1	samba-devel-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	libsmbclient-devel	< 4.2.3-11.28.amzn1	libsmbclient-devel-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-winbind-modules	< 4.2.3-11.28.amzn1	samba-winbind-modules-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	ctdb-tests	< 4.2.3-11.28.amzn1	ctdb-tests-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-client	< 4.2.3-11.28.amzn1	samba-client-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-debuginfo	< 4.2.3-11.28.amzn1	samba-debuginfo-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-libs	< 4.2.3-11.28.amzn1	samba-libs-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-winbind	< 4.2.3-11.28.amzn1	samba-winbind-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-test	< 4.2.3-11.28.amzn1	samba-test-4.2.3-11.28.amzn1.i686.rpm
Amazon Linux	1	i686	samba-client-libs	< 4.2.3-11.28.amzn1	samba-client-libs-4.2.3-11.28.amzn1.i686.rpm