[SECURITY] [DLA 776-1] samba security update

2017-01-0218:57:35

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

3.3 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

79.2%

JSON

Package : samba
Version : 2:3.6.6-6+deb7u11
CVE ID : CVE-2016-2125

Simo Sorce of Red Hat discovered that the Samba client code always
requests a forwardable ticket when using Kerberos authentication. A
target server, which must be in the current or trusted domain/realm,
is given a valid general purpose Kerberos "Ticket Granting Ticket"
(TGT), which can be used to fully impersonate the authenticated user
or service.

For Debian 7 "Wheezy", these problems have been fixed in version
2:3.6.6-6+deb7u11.

We recommend that you upgrade your samba packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian8powerpcsamba-vfs-modules< 2:4.2.14+dfsg-0+deb8u2samba-vfs-modules_2:4.2.14+dfsg-0+deb8u2_powerpc.deb
Debian8i386winbind< 2:4.2.14+dfsg-0+deb8u2winbind_2:4.2.14+dfsg-0+deb8u2_i386.deb
Debian8arm64winbind< 2:4.2.14+dfsg-0+deb8u2winbind_2:4.2.14+dfsg-0+deb8u2_arm64.deb
Debian8arm64smbclient< 2:4.2.14+dfsg-0+deb8u2smbclient_2:4.2.14+dfsg-0+deb8u2_arm64.deb
Debian8armhfctdb< 2:4.2.14+dfsg-0+deb8u2ctdb_2:4.2.14+dfsg-0+deb8u2_armhf.deb
Debian8powerpclibparse-pidl-perl< 2:4.2.14+dfsg-0+deb8u2libparse-pidl-perl_2:4.2.14+dfsg-0+deb8u2_powerpc.deb
Debian8kfreebsd-amd64ctdb< 2:4.2.14+dfsg-0+deb8u2ctdb_2:4.2.14+dfsg-0+deb8u2_kfreebsd-amd64.deb
Debian8mipslibsmbclient< 2:4.2.14+dfsg-0+deb8u2libsmbclient_2:4.2.14+dfsg-0+deb8u2_mips.deb
Debian7armelwinbind< 2:3.6.6-6+deb7u11winbind_2:3.6.6-6+deb7u11_armel.deb
Debian8ppc64elsamba-dsdb-modules< 2:4.2.14+dfsg-0+deb8u2samba-dsdb-modules_2:4.2.14+dfsg-0+deb8u2_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	powerpc	samba-vfs-modules	< 2:4.2.14+dfsg-0+deb8u2	samba-vfs-modules_2:4.2.14+dfsg-0+deb8u2_powerpc.deb
Debian	8	i386	winbind	< 2:4.2.14+dfsg-0+deb8u2	winbind_2:4.2.14+dfsg-0+deb8u2_i386.deb
Debian	8	arm64	winbind	< 2:4.2.14+dfsg-0+deb8u2	winbind_2:4.2.14+dfsg-0+deb8u2_arm64.deb
Debian	8	arm64	smbclient	< 2:4.2.14+dfsg-0+deb8u2	smbclient_2:4.2.14+dfsg-0+deb8u2_arm64.deb
Debian	8	armhf	ctdb	< 2:4.2.14+dfsg-0+deb8u2	ctdb_2:4.2.14+dfsg-0+deb8u2_armhf.deb
Debian	8	powerpc	libparse-pidl-perl	< 2:4.2.14+dfsg-0+deb8u2	libparse-pidl-perl_2:4.2.14+dfsg-0+deb8u2_powerpc.deb
Debian	8	kfreebsd-amd64	ctdb	< 2:4.2.14+dfsg-0+deb8u2	ctdb_2:4.2.14+dfsg-0+deb8u2_kfreebsd-amd64.deb
Debian	8	mips	libsmbclient	< 2:4.2.14+dfsg-0+deb8u2	libsmbclient_2:4.2.14+dfsg-0+deb8u2_mips.deb
Debian	7	armel	winbind	< 2:3.6.6-6+deb7u11	winbind_2:3.6.6-6+deb7u11_armel.deb
Debian	8	ppc64el	samba-dsdb-modules	< 2:4.2.14+dfsg-0+deb8u2	samba-dsdb-modules_2:4.2.14+dfsg-0+deb8u2_ppc64el.deb