ibmIBMDCD801E07E7C4D2AE831E9C8FA97BF388C004D41DBBA10D989743E05280AA7A7
Jun 16, 2018 - 9:44 p.m.

Security Bulletin: Samba as used in IBM QRadar SIEM is vulnerable to multiple CVE's. (CVE-2016-2110, CVE-2016-2112, CVE-2016-2115)

2018-06-16 21:44:54
www.ibm.com

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

Samba is susceptible to multiple vulnerabilities as used in IBM QRadar SIEM.

Vulnerability Details

CVE-ID: CVE-2016-2110
Description: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to protect the feature negotiation of NTLMSSP from a downgrade. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL flags and perform downgrade attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111937 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVE-ID: CVE-2016-2112
Description: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to enforce integrity protection by the LDAP client and server. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to downgrade LDAP connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111939 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVE-ID: CVE-2016-2115
Description: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to protect the integrity of SMB client connections for IPC traffic. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to perform unauthorized actions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111942 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
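
For CVE-2016-2110, a defender-side check that reads NegotiateFlags from NTLMSSP tokens already extracted from a packet capture and reports when signing or sealing was offered but is absent later in the exchange. This is an added example, not part of the IBM bulletin or of Samba's code; field offsets and flag values follow MS-NLMP, and `make_token`, `dropped_protections` and the sample tokens are constructed for illustration.

```python
import struct

# Flag values from MS-NLMP; the bulletin names both for CVE-2016-2110.
PROTECTION = {"SIGN": 0x00000010, "SEAL": 0x00000020}
# Offset of NegotiateFlags in NEGOTIATE (1), CHALLENGE (2), AUTHENTICATE (3).
FLAGS_OFFSET = {1: 12, 2: 20, 3: 60}


def parse_flags(token):
    """Return (message_type, negotiate_flags) for one raw NTLMSSP token."""
    if len(token) < 12 or token[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP token")
    (msg_type,) = struct.unpack_from("<I", token, 8)
    offset = FLAGS_OFFSET.get(msg_type)
    if offset is None:
        raise ValueError(f"unknown NTLMSSP message type {msg_type}")
    if len(token) < offset + 4:
        raise ValueError("token truncated before NegotiateFlags")
    (flags,) = struct.unpack_from("<I", token, offset)
    return msg_type, flags


def dropped_protections(tokens):
    """List protections offered in NEGOTIATE but missing from a later message.

    A hit is an indicator to investigate, not proof of tampering: a peer that
    does not support signing or sealing produces the same pattern.
    """
    offered, findings = None, []
    for token in tokens:
        msg_type, flags = parse_flags(token)
        if msg_type == 1:
            offered = flags
        elif offered is not None:
            findings += [f"{name} dropped in type {msg_type}"
                         for name, bit in PROTECTION.items()
                         if offered & bit and not flags & bit]
    return findings


def make_token(msg_type, flags):
    """Build a minimal constructed token (sample input, not captured traffic)."""
    body = bytearray(FLAGS_OFFSET[msg_type] + 4)
    body[:8] = b"NTLMSSP\x00"
    struct.pack_into("<I", body, 8, msg_type)
    struct.pack_into("<I", body, FLAGS_OFFSET[msg_type], flags)
    return bytes(body)


# Constructed sessions: 0x201 is UNICODE|NTLM, 0x30 adds SIGN|SEAL.
SAMPLE_OK = [make_token(t, 0x231) for t in (1, 2, 3)]
SAMPLE_DOWNGRADED = [make_token(1, 0x231), make_token(2, 0x201), make_token(3, 0x201)]
```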

Affected Products and Versions

· IBM QRadar 7.1.n

· IBM QRadar 7.2.n

Remediation/Fixes

· QRadar / QRM / QVM / QRIF 7.2.6 Patch 7

· IBM QRadar SIEM 7.1 MR2 Patch 13

Workarounds and Mitigations

None
