Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM Netezza Host Management

Summary

Open Source Samba is used by IBM Netezza Host Mangement. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-12163**
DESCRIPTION:** Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a memory leak over SMB1. By sending specially crafted SMB1 data, an attacker could exploit this vulnerability to cause portions of server memory contents to be written to a file and obtain sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-12151**
DESCRIPTION:** Samba could provide weaker than expected security, caused by the failure to properly sign and encrypt DFS redirects when the max protocol for the original connection is set as ‘SMB3’. An attacker could exploit this vulnerability using man-in-the-middle techniques to read and alter confidential documents.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2017-12150**
DESCRIPTION:** Samba could allow a remote attacker to obtain sensitive information, caused by the failure to require SMB signing in SMB1/2/3 connections. An attacker could exploit this vulnerability using man-in-the-middle techniques to hijack client connections and obtain sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-14746**
DESCRIPTION:** Samba could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free memory error. By sending a specially crafted SMB1 request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135222 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15275**
DESCRIPTION:** Samba could allow a remote attacker to obtain sensitive information, caused by a heap memory information leak. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain password hashes or other high-value data.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135221 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

• IBM Netezza Host Management 5.4.5.0 - 5.4.15.0

Remediation/Fixes

To resolve the reported CVE CVE-2017-12163, CVE-2017-12150, CVE-2017-14746 and CVE-2017-15275 for Red Hat Enterprise Linux (RHEL) on PureData System for Analytics N200x and N3001 platforms only, update to the following IBM Netezza Host Management release:

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

• Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances

Workarounds and Mitigations

Mitigation of the reported CVE CVE-2017-12163 and CVE-2017-12150 applies to the following platforms only:

PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100

Execute below steps using “root” user on both ha1/ha2 hosts

Step 1. Check if Samba module is installed in the host
[host]# rpm -qa | grep samba

Step 2. Check if Samba service is running
[host]# /etc/init.d/smb status

Step 3. If Samba service is running, stop the smb service
[host]# /etc/init.d/smb stop

Step 4. Backup the /etc/samba/smb.conf file
[host]# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup

Step 5. Edit the /etc/samba/smb.conf and set following parameter as below:

client signing = required

Also add following parameter in global settings as below:

#============ Global Settings ==========

[global]
server min protocol = SMB2_02

Step 6. Start the smb services using below command:
[host]# /etc/init.d/smb start

Note : If samba configuration file smb.conf is changed/modified in future, please verify if above settings is changed. If changed please make sure to mitigate this issue by following steps 2 to 6.

Mitigation of the reported CVE CVE-2017-12151 on PureData System for Analytics N200x and N3001 platforms only :

Execute below steps using “root” user on both ha1/ha2 hosts

Step 1. Check if Samba module is installed in the host
[host]# rpm -qa | grep samba

Step 2. Check if Samba service is running
[host]# /etc/init.d/smb status

Step 3. If Samba service is running, stop the smb service
[host]# /etc/init.d/smb stop

Step 4. Backup the /etc/samba/smb.conf file
[host]# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup

Step 5. Edit the /etc/samba/smb.conf and set following parameters as below:

client max protocol = NT1

Step 6. Start the smb services using below command:
[host]# /etc/init.d/smb start

Note : If samba configuration file smb.conf is changed/modified in future, please verify if above settings is changed. If changed please make sure to mitigate this issue by following steps 2 to 6.