Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)
2016-04-13T00:00:00
ID SL_20160412_SAMBA_ON_SL5_X.NASL Type nessus Reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-02-02T00:00:00
Description
Security Fix(es) :
A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)
Several flaws were found in Samba
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(90503);
script_version("2.9");
script_cvs_date("Date: 2018/12/28 10:10:36");
script_cve_id("CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118");
script_name(english:"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Security Fix(es) :
- A protocol flaw, publicly referred to as Badlock, was
found in the Security Account Manager Remote Protocol
(MS-SAMR) and the Local Security Authority (Domain
Policy) Remote Protocol (MS-LSAD). Any authenticated
DCE/RPC connection that a client initiates against a
server could be used by a man-in-the-middle attacker to
impersonate the authenticated user against the SAMR or
LSA service on the server. As a result, the attacker
would be able to get read/write access to the Security
Account Manager database, and use this to reveal all
passwords or any other potentially sensitive information
in that database. (CVE-2016-2118)
- Several flaws were found in Samba's implementation of
NTLMSSP authentication. An unauthenticated,
man-in-the-middle attacker could use this flaw to clear
the encryption and integrity flags of a connection,
causing data to be transmitted in plain text. The
attacker could also force the client or server into
sending data in plain text even if encryption was
explicitly requested for that connection.
(CVE-2016-2110)
- It was discovered that Samba configured as a Domain
Controller would establish a secure communication
channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could
use this flaw to obtain session-related information
about the spoofed machine. (CVE-2016-2111)
- It was found that Samba's LDAP implementation did not
enforce integrity protection for LDAP connections. A
man-in-the-middle attacker could use this flaw to
downgrade LDAP connections to use no integrity
protection, allowing them to hijack such connections.
(CVE-2016-2112)
- It was found that Samba did not enable integrity
protection for IPC traffic by default. A
man-in-the-middle attacker could use this flaw to view
and modify the data sent between a Samba server and a
client. (CVE-2016-2115)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b633e72b"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"libsmbclient-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"libsmbclient-devel-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-client-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-common-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-debuginfo-3.0.33-3.41.el5_11")) flag++;
if (rpm_check(release:"SL5", reference:"samba-swat-3.0.33-3.41.el5_11")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "bulletinFamily": "scanner", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba", "published": "2016-04-13T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/90503", "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?b633e72b"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "nessus", "lastseen": "2020-02-01T02:07:11", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba", "edition": 12, "enchantments": {"dependencies": {"modified": "2020-01-01T01:37:52", "references": [{"idList": ["RHSA-2016:0621", "RHSA-2016:0623", "RHSA-2016:0611", "RHSA-2016:0619", "RHSA-2016:0620", "RHSA-2016:0613", "RHSA-2016:0612", "RHSA-2016:0625", "RHSA-2016:0624"], "type": "redhat"}, {"idList": ["ELSA-2016-0613", "ELSA-2016-0612", "ELSA-2016-0621", "ELSA-2016-0611"], "type": "oraclelinux"}, {"idList": ["ASA-201604-13"], "type": "archlinux"}, {"idList": ["SUSE-SU-2016:1024-1", "SUSE-SU-2016:1028-1", "OPENSUSE-SU-2016:1025-1"], "type": "suse"}, {"idList": ["SOL47133310", "SOL53313971", "F5:K53313971", "F5:K47133310"], "type": "f5"}, {"idList": ["USN-2950-3", "USN-2950-1", "USN-2950-2", "USN-2950-4", "USN-2950-5"], "type": "ubuntu"}, {"idList": ["SSA-2016-106-02"], "type": "slackware"}, {"idList": ["CESA-2016:0621", "CESA-2016:0613", "CESA-2016:0611"], "type": "centos"}, {"idList": ["ALAS-2016-686"], "type": "amazon"}, {"idList": ["OPENVAS:1361412562310871597", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310871595", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310122939", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310871594", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310131298"], "type": "openvas"}, {"idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"], "type": "freebsd"}, {"idList": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "cve"}, {"idList": ["REDHAT-RHSA-2016-0624.NASL", "REDHAT-RHSA-2016-0613.NASL", "CENTOS_RHSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0611.NASL", "REDHAT-RHSA-2016-0611.NASL", "CENTOS_RHSA-2016-0621.NASL", "REDHAT-RHSA-2016-0621.NASL", "ORACLELINUX_ELSA-2016-0621.NASL", "CENTOS_RHSA-2016-0611.NASL"], "type": "nessus"}, {"idList": ["CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D"], "type": "cloudfoundry"}]}, "score": {"modified": "2020-01-01T01:37:52", "value": 5.8, "vector": "NONE"}}, "hash": "f8c27d0462682539f187cd6de3c9aeb9fd07f2143d174a15674b70d29f5711ab", "hashmap": [{"hash": "68048135714109faa86733b838ccdbe8", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "f6ff394451684e95810448c060170e97", "key": "sourceData"}, {"hash": "2249940a684898a70237266de5d6dd6c", "key": "modified"}, {"hash": "9730bd072d0462cc1f460079077f6f67", "key": "description"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "6ea955b36b14d6909c7f2c65586e93b3", "key": "title"}, {"hash": "75b7a62061ea89fbae12e9604a994a1a", "key": "references"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "6e5b1518c8d5472faab443986dfa72da", "key": "href"}, {"hash": "13150ddfa5827a5c5c657d58776a0385", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48ea1dbd49cbb0b8b125fc18ec72c7ca", "key": "reporter"}, {"hash": "06b01002bfb478bd4a42bb90bfb44a55", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/90503", "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "lastseen": "2020-01-01T01:37:52", "modified": "2020-01-02T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "90503", "published": "2016-04-13T00:00:00", "references": ["http://www.nessus.org/u?b633e72b"], "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 12, "lastseen": "2020-01-01T01:37:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "44aa052eace9e5abe579ac7d619acaa25c3c6cb46483957e837ec64ef923c20c", "hashmap": [{"hash": "68048135714109faa86733b838ccdbe8", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "f9949146a35814c47362fe37d2f35b34", "key": "href"}, {"hash": "d6ef2317110b16cb1b27bba53a8f9596", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6ea955b36b14d6909c7f2c65586e93b3", "key": "title"}, {"hash": "276ade3a9da7a2f79b95e8a2697fc227", "key": "sourceData"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "13150ddfa5827a5c5c657d58776a0385", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "1473cc95d97afe32f88497f5af8e9307", "key": "modified"}, {"hash": "9392ce90143fcacdf432766010c7d2b9", "key": "references"}, {"hash": "06b01002bfb478bd4a42bb90bfb44a55", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90503", "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "lastseen": "2017-10-29T13:35:17", "modified": "2016-10-19T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "90503", "published": "2016-04-13T00:00:00", "references": ["http://www.nessus.org/u?0eeda4c4"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:25:13 $\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0eeda4c4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:35:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-12-13T09:13:31", "references": [{"idList": ["ELSA-2016-0613", "ELSA-2016-0612", "ELSA-2016-0621", "ELSA-2016-0611"], "type": "oraclelinux"}, {"idList": ["USN-2950-3", "USN-2950-1", "USN-2950-4"], "type": "ubuntu"}, {"idList": ["ASA-201604-13"], "type": "archlinux"}, {"idList": ["SOL47133310", "SOL53313971", "F5:K53313971", "F5:K47133310"], "type": "f5"}, {"idList": ["SSA-2016-106-02"], "type": "slackware"}, {"idList": ["REDHAT-RHSA-2016-0624.NASL", "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0623.NASL", "REDHAT-RHSA-2016-0613.NASL", "CENTOS_RHSA-2016-0613.NASL", "CENTOS_RHSA-2016-0621.NASL", "REDHAT-RHSA-2016-0621.NASL", "ORACLELINUX_ELSA-2016-0621.NASL", "REDHAT-RHSA-2016-0619.NASL", "CENTOS_RHSA-2016-0611.NASL"], "type": "nessus"}, {"idList": ["RHSA-2016:0621", "RHSA-2016:0623", "RHSA-2016:0611", "RHSA-2016:0619", "RHSA-2016:0620", "RHSA-2016:0613", "RHSA-2016:0612", "RHSA-2016:0625", "RHSA-2016:0624", "RHSA-2016:0614"], "type": "redhat"}, {"idList": ["DEBIAN:DSA-3548-1:02A5F"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310871597", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310871595", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310122939", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310871594", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310131298"], "type": "openvas"}, {"idList": ["SUSE-SU-2016:1024-1", "SUSE-SU-2016:1023-1", "SUSE-SU-2016:1028-1", "SUSE-SU-2016:1022-1"], "type": "suse"}, {"idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"], "type": "freebsd"}, {"idList": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "cve"}, {"idList": ["CESA-2016:0612", "CESA-2016:0621", "CESA-2016:0613", "CESA-2016:0611"], "type": "centos"}, {"idList": ["CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D"], "type": "cloudfoundry"}]}, "score": {"modified": "2019-12-13T09:13:31", "value": 5.8, "vector": "NONE"}}, "hash": "52887245dfabf9d8526e6d3129bd675b8f5b97ffb028f0d015b12edbd0868a2f", "hashmap": [{"hash": "68048135714109faa86733b838ccdbe8", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "f6ff394451684e95810448c060170e97", "key": "sourceData"}, {"hash": "9730bd072d0462cc1f460079077f6f67", "key": "description"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "6ea955b36b14d6909c7f2c65586e93b3", "key": "title"}, {"hash": "75b7a62061ea89fbae12e9604a994a1a", "key": "references"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "6e5b1518c8d5472faab443986dfa72da", "key": "href"}, {"hash": "13150ddfa5827a5c5c657d58776a0385", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5a7504dfe859a7ccbaf560628f6442ad", "key": "modified"}, {"hash": "48ea1dbd49cbb0b8b125fc18ec72c7ca", "key": "reporter"}, {"hash": "06b01002bfb478bd4a42bb90bfb44a55", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/90503", "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "lastseen": "2019-12-13T09:13:31", "modified": "2019-12-02T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "90503", "published": "2016-04-13T00:00:00", "references": ["http://www.nessus.org/u?b633e72b"], "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 11, "lastseen": "2019-12-13T09:13:31"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-11-03T12:13:08", "references": [{"idList": ["ELSA-2016-0613", "ELSA-2016-0612", "ELSA-2016-0621", "ELSA-2016-0611"], "type": "oraclelinux"}, {"idList": ["ASA-201604-13"], "type": "archlinux"}, {"idList": ["SOL47133310", "SOL53313971", "F5:K53313971", "F5:K47133310"], "type": "f5"}, {"idList": ["SSA-2016-106-02"], "type": "slackware"}, {"idList": ["REDHAT-RHSA-2016-0624.NASL", "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0623.NASL", "REDHAT-RHSA-2016-0613.NASL", "REDHAT-RHSA-2016-0611.NASL", "CENTOS_RHSA-2016-0621.NASL", "REDHAT-RHSA-2016-0621.NASL", "ORACLELINUX_ELSA-2016-0621.NASL", "REDHAT-RHSA-2016-0619.NASL", "CENTOS_RHSA-2016-0611.NASL"], "type": "nessus"}, {"idList": ["RHSA-2016:0621", "RHSA-2016:0623", "RHSA-2016:0611", "RHSA-2016:0619", "RHSA-2016:0620", "RHSA-2016:0613", "RHSA-2016:0612", "RHSA-2016:0625", "RHSA-2016:0624", "RHSA-2016:0614"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1024-1", "SUSE-SU-2016:1028-1", "SUSE-SU-2016:1022-1"], "type": "suse"}, {"idList": ["USN-2950-1", "USN-2950-4"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-3548-1:02A5F"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310871597", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310871595", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310122939", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310871594", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310131298"], "type": "openvas"}, {"idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"], "type": "freebsd"}, {"idList": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "cve"}, {"idList": ["CESA-2016:0612", "CESA-2016:0621", "CESA-2016:0613", "CESA-2016:0611"], "type": "centos"}, {"idList": ["CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D"], "type": "cloudfoundry"}]}, "score": {"modified": "2019-11-03T12:13:08", "value": 5.8, "vector": "NONE"}}, "hash": "f0638f203955de05cbccfd6997062a8b438bd099d83ed0830c5563e44e2a5c45", "hashmap": [{"hash": "68048135714109faa86733b838ccdbe8", "key": "cvelist"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "f6ff394451684e95810448c060170e97", "key": "sourceData"}, {"hash": "9730bd072d0462cc1f460079077f6f67", "key": "description"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "6ea955b36b14d6909c7f2c65586e93b3", "key": "title"}, {"hash": "75b7a62061ea89fbae12e9604a994a1a", "key": "references"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "6e5b1518c8d5472faab443986dfa72da", "key": "href"}, {"hash": "13150ddfa5827a5c5c657d58776a0385", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48ea1dbd49cbb0b8b125fc18ec72c7ca", "key": "reporter"}, {"hash": "06b01002bfb478bd4a42bb90bfb44a55", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/90503", "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "lastseen": "2019-11-03T12:13:08", "modified": "2019-11-02T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "90503", "published": "2016-04-13T00:00:00", "references": ["http://www.nessus.org/u?b633e72b"], "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified"], "edition": 10, "lastseen": "2019-11-03T12:13:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "cvelist": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-02-21T01:26:41", "references": [{"idList": ["RHSA-2016:0621", "RHSA-2016:0623", "RHSA-2016:0611", "RHSA-2016:0619", "RHSA-2016:0620", "RHSA-2016:0613", "RHSA-2016:0612", "RHSA-2016:0625", "RHSA-2016:0618", "RHSA-2016:0624"], "type": "redhat"}, {"idList": ["ELSA-2016-0613", "ELSA-2016-0612", "ELSA-2016-0621", "ELSA-2016-0611"], "type": "oraclelinux"}, {"idList": ["USN-2950-1", "USN-2950-2", "USN-2950-4", "USN-2950-5"], "type": "ubuntu"}, {"idList": ["ASA-201604-13"], "type": "archlinux"}, {"idList": ["SUSE-SU-2016:1024-1", "SUSE-SU-2016:1028-1", "OPENSUSE-SU-2016:1025-1"], "type": "suse"}, {"idList": ["SOL47133310", "SOL53313971", "F5:K53313971", "F5:K47133310"], "type": "f5"}, {"idList": ["CESA-2016:0621", "CESA-2016:0613", "CESA-2016:0611"], "type": "centos"}, {"idList": ["ALAS-2016-686"], "type": "amazon"}, {"idList": ["REDHAT-RHSA-2016-0624.NASL", "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0613.NASL", "CENTOS_RHSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0611.NASL", "SL_20160412_SAMBA_ON_SL6_X.NASL", "REDHAT-RHSA-2016-0611.NASL", "REDHAT-RHSA-2016-0619.NASL", "CENTOS_RHSA-2016-0611.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310871597", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310871595", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310122939", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310871594", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310131298"], "type": "openvas"}, {"idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"], "type": "freebsd"}, {"idList": ["CVE-2016-2112", "CVE-2016-2118", "CVE-2016-2110", "CVE-2016-2115", "CVE-2016-2111"], "type": "cve"}]}, "score": {"modified": "2019-02-21T01:26:41", "value": 6.7, "vector": "NONE"}}, "hash": "e3ecedf136d819f6fd6b10737f49df0e751336074032456880b2f9e6f485e3dd", "hashmap": [{"hash": "68048135714109faa86733b838ccdbe8", "key": "cvelist"}, {"hash": "b1e432cd926620a2b9bd9816ef9503c6", "key": "cpe"}, {"hash": "f9949146a35814c47362fe37d2f35b34", "key": "href"}, {"hash": "d6ef2317110b16cb1b27bba53a8f9596", "key": "description"}, {"hash": "f6ff394451684e95810448c060170e97", "key": "sourceData"}, {"hash": "c32cbe5fddac08eeb23415ae701ad676", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "6ea955b36b14d6909c7f2c65586e93b3", "key": "title"}, {"hash": "75b7a62061ea89fbae12e9604a994a1a", "key": "references"}, {"hash": "b3a4d461a1383c8ba9fa401b58d29827", "key": "naslFamily"}, {"hash": "13150ddfa5827a5c5c657d58776a0385", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "06b01002bfb478bd4a42bb90bfb44a55", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=90503", "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "lastseen": "2019-02-21T01:26:41", "modified": "2018-12-28T00:00:00", "naslFamily": "Scientific Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "90503", "published": "2016-04-13T00:00:00", "references": ["http://www.nessus.org/u?b633e72b"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 8, "lastseen": "2019-02-21T01:26:41"}], "edition": 13, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b1e432cd926620a2b9bd9816ef9503c6"}, {"key": "cvelist", "hash": "68048135714109faa86733b838ccdbe8"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "description", "hash": "9730bd072d0462cc1f460079077f6f67"}, {"key": "href", "hash": "6e5b1518c8d5472faab443986dfa72da"}, {"key": "modified", "hash": "248ddfee5cc8aa2c1a4fce14baf1e1b1"}, {"key": "naslFamily", "hash": "b3a4d461a1383c8ba9fa401b58d29827"}, {"key": "pluginID", "hash": "13150ddfa5827a5c5c657d58776a0385"}, {"key": "published", "hash": "06b01002bfb478bd4a42bb90bfb44a55"}, {"key": "references", "hash": "75b7a62061ea89fbae12e9604a994a1a"}, {"key": "reporter", "hash": "48ea1dbd49cbb0b8b125fc18ec72c7ca"}, {"key": "sourceData", "hash": "f6ff394451684e95810448c060170e97"}, {"key": "title", "hash": "6ea955b36b14d6909c7f2c65586e93b3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1f261e472cf411b882ca642639636a30fc5705b00994bff6fc3edd118bf70306", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K53313971", "SOL53313971", "F5:K47133310", "SOL47133310"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0621", "ELSA-2016-0611", "ELSA-2016-0613", "ELSA-2016-0612"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871594", "OPENVAS:1361412562310882458", "OPENVAS:1361412562310122941", "OPENVAS:1361412562310882456", "OPENVAS:1361412562310871597", "OPENVAS:1361412562310122938", "OPENVAS:1361412562310131298", "OPENVAS:1361412562310882457", "OPENVAS:1361412562310122939", "OPENVAS:1361412562310871595"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2016-0621.NASL", "CENTOS_RHSA-2016-0621.NASL", "REDHAT-RHSA-2016-0621.NASL", "CENTOS_RHSA-2016-0611.NASL", "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "REDHAT-RHSA-2016-0624.NASL", "REDHAT-RHSA-2016-0623.NASL", "REDHAT-RHSA-2016-0613.NASL", "CENTOS_RHSA-2016-0613.NASL", "ORACLELINUX_ELSA-2016-0611.NASL"]}, {"type": "cve", "idList": ["CVE-2016-2115", "CVE-2016-2118", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2110"]}, {"type": "redhat", "idList": ["RHSA-2016:0619", "RHSA-2016:0624", "RHSA-2016:0613", "RHSA-2016:0611", "RHSA-2016:0621", "RHSA-2016:0625", "RHSA-2016:0623", "RHSA-2016:0612", "RHSA-2016:0620"]}, {"type": "centos", "idList": ["CESA-2016:0613", "CESA-2016:0611", "CESA-2016:0621"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1028-1", "SUSE-SU-2016:1024-1", "OPENSUSE-SU-2016:1025-1"]}, {"type": "archlinux", "idList": ["ASA-201604-13"]}, {"type": "ubuntu", "idList": ["USN-2950-4", "USN-2950-1", "USN-2950-5", "USN-2950-2", "USN-2950-3"]}, {"type": "freebsd", "idList": ["A636FC26-00D9-11E6-B704-000C292E4FD8"]}, {"type": "amazon", "idList": ["ALAS-2016-686"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D"]}, {"type": "slackware", "idList": ["SSA-2016-106-02"]}], "modified": "2020-02-01T02:07:11"}, "score": {"value": 5.8, "vector": "NONE", "modified": "2020-02-01T02:07:11"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Scientific Linux Local Security Checks", "pluginID": "90503", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "scheme": null}
{"f5": [{"lastseen": "2019-04-30T18:20:59", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 587077 (BIG-IP), ID 477733 (ARX), and ID 589931 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H592133 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP AAM| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP AFM| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP Analytics| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP APM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP ASM| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP DNS| 12.0.0 - 12.1.0| 12.1.1| Medium| Samba \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP Link Controller| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP PEM| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| 12.1.1 \n11.6.1 HF1 \n11.5.4 HF4| Medium| Samba \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Medium| Samba \nARX| 6.0.0 - 6.4.0| None| Low| Samba \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| \nNone| Medium| Samba \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Medium| Samba \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Medium| Samba \nBIG-IQ ADC| 4.5.0| None| Medium| Samba \nBIG-IQ Centralized Management| 4.6.0| None| Medium| Samba \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Medium| Samba \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can avoid using any Samba tools included with the BIG-IP system. Though Samba tools are included with the BIG-IP Linux distribution, using a BIG-IP system as a Samba server is not supported. If your system uses an external shell script with Samba tools from within a custom monitor, you can use alternative monitoring methods.\n\n**Impact of action**: Performing the suggested action should not have a negative impact on your system.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-05-01T19:32:00", "published": "2016-05-17T22:23:00", "id": "F5:K53313971", "href": "https://support.f5.com/csp/article/K53313971", "title": "Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:28", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you can avoid using any Samba tools included with the BIG-IP system. Though Samba tools are included with the BIG-IP Linux distribution, using a BIG-IP system as a Samba server is not supported. If your system uses an external shell script with Samba tools from within a custom monitor, you can use alternative monitoring methods.\n\n**Impact of action:** Performing the suggested action should not have a negative impact on your system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-09-01T00:00:00", "published": "2016-05-17T00:00:00", "id": "SOL53313971", "href": "http://support.f5.com/kb/en-us/solutions/public/k/53/sol53313971.html", "type": "f5", "title": "SOL53313971 - Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:33", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 477733 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Samba \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-14T19:34:00", "published": "2016-05-10T22:23:00", "href": "https://support.f5.com/csp/article/K47133310", "id": "F5:K47133310", "title": "Samba vulnerability CVE-2016-2112", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:54", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-05-10T00:00:00", "published": "2016-05-10T00:00:00", "id": "SOL47133310", "href": "http://support.f5.com/kb/en-us/solutions/public/k/47/sol47133310.html", "type": "f5", "title": "SOL47133310 - Samba vulnerability CVE-2016-2112", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "unix", "description": "[3.0.33-3.41.el5]\n- Security Release 'BadLock'\n- resolves: CVE-2016-2110\n- resolves: CVE-2016-2111", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0621", "href": "http://linux.oracle.com/errata/ELSA-2016-0621.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "unix", "description": "[3.6.23-12.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 19973497]\n[3.6.23-12]\n- related: #1322685 - Update CVE patchset\n[3.6.23-11]\n- related: #1322685 - Update CVE patchset\n[3.6.23-10]\n- resolves: #1322685 - Fix CVE-2015-5370\n- resolves: #1322685 - Fix CVE-2016-2110\n- resolves: #1322685 - Fix CVE-2016-2111\n- resolves: #1322685 - Fix CVE-2016-2112\n- resolves: #1322685 - Fix CVE-2016-2115\n- resolves: #1322685 - Fix CVE-2016-2118 (Known as Badlock)", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0613", "href": "http://linux.oracle.com/errata/ELSA-2016-0613.html", "title": "samba3x security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "description": "[3.6.23-30.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258]\n[3.6.23-30]\n- related: #1322686 - Update manpages\n[3.6.23-29]\n- related: #1322686 - Update CVE patchset\n[3.6.23-28]\n- related: #1322686 - Update manpages\n[3.6.23-27]\n- related: #1322686 - Update CVE patchset\n[3.6.23-26]\n- resolves: #1322686 - Fix CVE-2015-5370\n- resolves: #1322686 - Fix CVE-2016-2110\n- resolves: #1322686 - Fix CVE-2016-2111\n- resolves: #1322686 - Fix CVE-2016-2112\n- resolves: #1322686 - Fix CVE-2016-2115\n- resolves: #1322686 - Fix CVE-2016-2118 (Known as Badlock)", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0611", "href": "http://linux.oracle.com/errata/ELSA-2016-0611.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:27", "bulletinFamily": "unix", "description": "ipa\n[4.2.0-15.0.1.6.1]\n- Drop redhat-access-plugin-ipa requires for OL7\n Blank out header-logo.png product-name.png\n Replace login-screen-logo.png [20362818]\n[4.2.0-15.6.1]\n- Rebuild against newer Samba version\n- Related: #1322690\nlibldb\n[1.1.25-1]\n- Rebase libldb to 1.1.25\n- Related: rhbz#1322690\nlibtalloc\n[2.1.5-1]\n- Rebase to libtalloc 2.1.5\n- Related: rhbz#1322690\nlibtdb\n[1.3.8-1]\n- Rebase libtdb to 1.3.8\n- Related: rhbz#1322690\nlibtevent\n[0.9.26-1]\n- Rebase libtevent to 0.9.26\n- Related: rhbz#1322690\nopenchange\n[2.0-10]\n- Add a patch to fix connection string (Related: #1322690)\nsamba\n[4.2.10-6]\n- Fix domain member winbind not being able to talk to trusted domains' DCs\n- relates: #1322690\n[4.2.10-5]\n- Fix crash in smb.conf processing\n- relates: #1322690\n[4.2.10-4]\n- Fix LDAP SASL bind with arcfour-hmac-md5\n- resolves: #1322690\n[4.2.10-3]\n- Make sure the package owns /var/lib/samba and uses it for cache purposes\n- resolves: #1322690\n[4.2.10-2]\n- Remove ldb modules and internal libraries for DC when not packaging DC build\n- resolves: #1322690\n[4.2.10-1]\n- resolves: #1322690", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "ELSA-2016-0612", "href": "http://linux.oracle.com/errata/ELSA-2016-0612.html", "title": "samba and samba4 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310871594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871594", "title": "RedHat Update for samba RHSA-2016:0621-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2016:0621-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871594\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:16:54 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba RHSA-2016:0621-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the\nServer Message Block (SMB) protocol and the related Common Internet File System\n(CIFS) protocol, which allow PC-compatible machines to share files, printers, and\nvarious information.\n\nSecurity Fix(es):\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0621-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00017.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0621", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122941", "title": "Oracle Linux Local Check: ELSA-2016-0621", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0621.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122941\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:57 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0621\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0621 - samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0621\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0621.html\");\n script_cve_id(\"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\", \"CVE-2016-2110\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "scanner", "description": "Check the version of libsmbclient", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882458", "title": "CentOS Update for libsmbclient CESA-2016:0621 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2016:0621 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882458\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:19:02 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libsmbclient CESA-2016:0621 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of libsmbclient\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) protocol and the related Common Internet File\nSystem (CIFS) protocol, which allow PC-compatible machines to share files,\nprinters, and various information.\n\nSecurity Fix(es):\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0621\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021823.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.0.33~3.41.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "description": "Check the version of samba3x", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882456", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882456", "title": "CentOS Update for samba3x CESA-2016:0613 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for samba3x CESA-2016:0613 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882456\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:18:51 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for samba3x CESA-2016:0613 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of samba3x\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) or Common Internet File System (CIFS) protocol,\nwhich allows PC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"samba3x on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0613\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021821.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:23", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2016-0151", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131298", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131298", "title": "Mageia Linux Local Check: mgasa-2016-0151", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0151.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131298\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:01 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0151\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0151.html\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0151\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.25~2.3.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:30", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0613", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122938", "title": "Oracle Linux Local Check: ELSA-2016-0613", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0613.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122938\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:54 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0613\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0613 - samba3x security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0613\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0613.html\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\", \"CVE-2016-2110\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.0.1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310871597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871597", "title": "RedHat Update for samba3x RHSA-2016:0613-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba3x RHSA-2016:0613-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871597\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:17:13 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\",\n \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba3x RHSA-2016:0613-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba3x'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) or Common Internet File System (CIFS) protocol,\nwhich allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also force\nthe client or server into sending data in plain text even if encryption was\nexplicitly requested for that connection. (CVE-2016-2110)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"samba3x on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0613-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00016.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba3x\", rpm:\"samba3x~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-client\", rpm:\"samba3x-client~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-common\", rpm:\"samba3x-common~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-debuginfo\", rpm:\"samba3x-debuginfo~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-doc\", rpm:\"samba3x-doc~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-domainjoin-gui\", rpm:\"samba3x-domainjoin-gui~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-swat\", rpm:\"samba3x-swat~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind\", rpm:\"samba3x-winbind~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba3x-winbind-devel\", rpm:\"samba3x-winbind-devel~3.6.23~12.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "description": "Check the version of libsmbclient", "modified": "2019-03-08T00:00:00", "published": "2016-04-14T00:00:00", "id": "OPENVAS:1361412562310882457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882457", "title": "CentOS Update for libsmbclient CESA-2016:0611 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libsmbclient CESA-2016:0611 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882457\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-14 05:18:56 +0200 (Thu, 14 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libsmbclient CESA-2016:0611 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of libsmbclient\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) protocol and the related Common Internet File\nSystem (CIFS) protocol, which allow PC-compatible machines to share files,\nprinters, and various information.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter\nof CVE-2015-5370 and Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"libsmbclient on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0611\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-April/021815.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-glusterfs\", rpm:\"samba-glusterfs~3.6.23~30.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:21", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2016-0611", "modified": "2019-03-14T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310122939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122939", "title": "Oracle Linux Local Check: ELSA-2016-0611", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0611.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.fi>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.fi\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122939\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:24:55 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0611\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0611 - samba security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0611\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0611.html\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-domainjoin-gui\", rpm:\"samba-domainjoin-gui~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-swat\", rpm:\"samba-swat~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-devel\", rpm:\"samba-winbind-devel~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"samba-glusterfs\", rpm:\"samba-glusterfs~3.6.23~30.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310871595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871595", "title": "RedHat Update for samba RHSA-2016:0611-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba RHSA-2016:0611-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871595\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 05:17:00 +0200 (Wed, 13 Apr 2016)\");\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\",\n \"CVE-2016-2118\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba RHSA-2016:0611-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the\nServer Message Block (SMB) protocol and the related Common Internet File System\n(CIFS) protocol, which allow PC-compatible machines to share files, printers, and\nvarious information.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba\n(root). This flaw could also be used to downgrade a secure DCE/RPC\nconnection by a man-in-the-middle attacker taking control of an Active\nDirectory (AD) object and compromising the security of a Samba Active\nDirectory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles Samba\nimplements.\n\n * A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local Security\nAuthority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated\nDCE/RPC connection that a client initiates against a server could be used\nby a man-in-the-middle attacker to impersonate the authenticated user\nagainst the SAMR or LSA service on the server. As a result, the attacker\nwould be able to get read/write access to the Security Account Manager\ndatabase, and use this to reveal all passwords or any other potentially\nsensitive information in that database. (CVE-2016-2118)\n\n * It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a spoofed\ncomputer name. A remote attacker able to observe network traffic could use\nthis flaw to obtain session-related information about the spoofed machine.\n(CVE-2016-2111)\n\n * It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections. (CVE-2016-2112)\n\n * It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter\nof CVE-2015-5370 and Stefan Metzmacher (SerNet) as the original reporter\nof CVE-2016-2118, CVE-2016-2112, and CVE-2016-2115.\");\n script_tag(name:\"affected\", value:\"samba on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0611-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-April/msg00015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~3.6.23~30.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-02-01T01:31:40", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the ", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90489", "published": "2016-04-13T00:00:00", "title": "Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# Oracle Linux Security Advisory ELSA-2016-0621 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90489);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005950.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:43:31", "bulletinFamily": "scanner", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the ", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90498", "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba (RHSA-2016:0621) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90498);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0621\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T06:44:20", "bulletinFamily": "scanner", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the ", "modified": "2020-02-02T00:00:00", "id": "CENTOS_RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90452", "published": "2016-04-13T00:00:00", "title": "CentOS 5 : samba (CESA-2016:0621) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# CentOS Errata and Security Advisory 2016:0621 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90452);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"CentOS 5 : samba (CESA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3db8a7e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T06:44:20", "bulletinFamily": "scanner", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "CENTOS_RHSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90449", "published": "2016-04-13T00:00:00", "title": "CentOS 6 : samba (CESA-2016:0611) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0611 and \n# CentOS Errata and Security Advisory 2016:0611 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90449);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"CentOS 6 : samba (CESA-2016:0611) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021815.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?808aa2e9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:43:31", "bulletinFamily": "scanner", "description": "An update for samba3x is now available for Red Hat Enterprise Linux\n5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2016-0624.NASL", "href": "https://www.tenable.com/plugins/nessus/90500", "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba3x (RHSA-2016:0624) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90500);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0624\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2016:0624) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux\n5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-debuginfo-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-debuginfo-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-debuginfo-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-debuginfo-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-winbind-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-winbind-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-winbind-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-winbind-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:43:30", "bulletinFamily": "scanner", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90493", "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0613. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90493);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0613\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:43:31", "bulletinFamily": "scanner", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.6\nLong Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed\nthe CVE-2015-5370 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed\nas addressed by this update. This issue does affect the samba packages\non Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are\nadvised to use the ", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2016-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/90499", "published": "2016-04-13T00:00:00", "title": "RHEL 5 : samba (RHSA-2016:0623) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0623. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90499);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0623\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0623) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.6\nLong Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed\nthe CVE-2015-5370 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed\nas addressed by this update. This issue does affect the samba packages\non Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are\nadvised to use the 'client signing = required' configuration option in\nthe smb.conf file to mitigate CVE-2016-2115. No changes have been made\nto the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T02:07:11", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90501", "published": "2016-04-13T00:00:00", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90501);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/07/11 12:05:37\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol\n implementation. A remote, authenticated attacker could\n use these flaws to cause a denial of service against the\n Samba server (high CPU load or a crash) or, possibly,\n execute arbitrary code with the permissions of the user\n running Samba (root). This flaw could also be used to\n downgrade a secure DCE/RPC connection by a\n man-in-the-middle attacker taking control of an Active\n Directory (AD) object and compromising the security of a\n Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6491\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bab64414\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:43:31", "bulletinFamily": "scanner", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "REDHAT-RHSA-2016-0619.NASL", "href": "https://www.tenable.com/plugins/nessus/90496", "published": "2016-04-13T00:00:00", "title": "RHEL 6 : samba (RHSA-2016:0619) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0619. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90496);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0619\");\n\n script_name(english:\"RHEL 6 : samba (RHSA-2016:0619) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n # http://badlock.org/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://samba.plus\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6\\.2|6\\.4|6\\.5|6\\.6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2 / 6.4 / 6.5 / 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0619\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-common-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-debuginfo-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-clients-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-01T01:31:40", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2016:0613 :\n\nAn update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba", "modified": "2020-02-02T00:00:00", "id": "ORACLELINUX_ELSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90488", "published": "2016-04-13T00:00:00", "title": "Oracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0613 and \n# Oracle Linux Security Advisory ELSA-2016-0613 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90488);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/09/27 13:00:37\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"Oracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0613 :\n\nAn update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005949.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-client-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-common-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-doc-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-swat-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-devel-3.6.23-12.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:15:35", "bulletinFamily": "NVD", "description": "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.", "modified": "2016-12-31T02:59:00", "id": "CVE-2016-2115", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2115", "published": "2016-04-25T00:59:00", "title": "CVE-2016-2115", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-09-28T11:40:03", "bulletinFamily": "NVD", "description": "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"", "modified": "2019-09-27T17:17:00", "id": "CVE-2016-2118", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2118", "published": "2016-04-12T23:59:00", "title": "CVE-2016-2118", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:15:35", "bulletinFamily": "NVD", "description": "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.", "modified": "2016-12-31T02:59:00", "id": "CVE-2016-2112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2112", "published": "2016-04-25T00:59:00", "title": "CVE-2016-2112", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:15:34", "bulletinFamily": "NVD", "description": "The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.", "modified": "2016-12-31T02:59:00", "id": "CVE-2016-2111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2111", "published": "2016-04-25T00:59:00", "title": "CVE-2016-2111", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:15:34", "bulletinFamily": "NVD", "description": "The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.", "modified": "2016-12-31T02:59:00", "id": "CVE-2016-2110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2110", "published": "2016-04-25T00:59:00", "title": "CVE-2016-2110", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2016-09-04T02:18:36", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0619", "href": "https://access.redhat.com/errata/RHSA-2016:0619", "type": "redhat", "title": "(RHSA-2016:0619) Critical: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2017-09-08T11:54:29", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0624", "href": "https://access.redhat.com/errata/RHSA-2016:0624", "type": "redhat", "title": "(RHSA-2016:0624) Critical: samba3x security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "modified": "2018-06-06T20:24:25", "published": "2016-04-13T10:54:34", "id": "RHSA-2016:0611", "href": "https://access.redhat.com/errata/RHSA-2016:0611", "type": "redhat", "title": "(RHSA-2016:0611) Critical: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n", "modified": "2017-09-08T11:53:57", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0613", "href": "https://access.redhat.com/errata/RHSA-2016:0613", "type": "redhat", "title": "(RHSA-2016:0613) Critical: samba3x security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:01", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T11:54:06", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0623", "href": "https://access.redhat.com/errata/RHSA-2016:0623", "type": "redhat", "title": "(RHSA-2016:0623) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:43", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T12:17:17", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0621", "href": "https://access.redhat.com/errata/RHSA-2016:0621", "type": "redhat", "title": "(RHSA-2016:0621) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:25", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n", "modified": "2017-09-08T12:14:57", "published": "2016-04-14T04:00:00", "id": "RHSA-2016:0625", "href": "https://access.redhat.com/errata/RHSA-2016:0625", "type": "redhat", "title": "(RHSA-2016:0625) Important: samba security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "modified": "2018-06-06T20:24:31", "published": "2016-04-12T21:27:19", "id": "RHSA-2016:0612", "href": "https://access.redhat.com/errata/RHSA-2016:0612", "type": "redhat", "title": "(RHSA-2016:0612) Critical: samba and samba4 security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:17", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nThe following packages have been upgraded to a newer upstream version: Samba\n(4.2.10). Refer to the Release Notes listed in the References section for a\ncomplete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain\nconnections. A man-in-the-middle attacker could use this flaw to spoof a Samba\nserver using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB)\nsigning for clients using the SMB1 protocol. A man-in-the-middle attacker could\nuse this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and\nCVE-2016-2115.\n", "modified": "2016-09-04T02:18:36", "published": "2016-04-12T04:00:00", "id": "RHSA-2016:0620", "href": "https://access.redhat.com/errata/RHSA-2016:0620", "type": "redhat", "title": "(RHSA-2016:0620) Critical: samba4 security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:08", "bulletinFamily": "unix", "description": "Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Gluster Storage do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "modified": "2018-06-13T01:28:21", "published": "2016-04-13T01:09:54", "id": "RHSA-2016:0614", "href": "https://access.redhat.com/errata/RHSA-2016:0614", "type": "redhat", "title": "(RHSA-2016:0614) Critical: samba security, bug fix, and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0611\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033853.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-doc\nsamba-domainjoin-gui\nsamba-glusterfs\nsamba-swat\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-devel\nsamba-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0611.html", "modified": "2016-04-13T00:14:40", "published": "2016-04-13T00:14:40", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033853.html", "id": "CESA-2016:0611", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:36", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0613\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible machines\nto share files, printers, and other information.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial of\nservice against the Samba server (high CPU load or a crash) or, possibly,\nexecute arbitrary code with the permissions of the user running Samba (root).\nThis flaw could also be used to downgrade a secure DCE/RPC connection by a\nman-in-the-middle attacker taking control of an Active Directory (AD) object and\ncompromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support\nrunning Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use this\nflaw to downgrade LDAP connections to use no integrity protection, allowing them\nto hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by\ndefault. A man-in-the-middle attacker could use this flaw to view and modify the\ndata sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of\nCVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033859.html\n\n**Affected packages:**\nsamba3x\nsamba3x-client\nsamba3x-common\nsamba3x-doc\nsamba3x-domainjoin-gui\nsamba3x-swat\nsamba3x-winbind\nsamba3x-winbind-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0613.html", "modified": "2016-04-13T00:27:00", "published": "2016-04-13T00:27:00", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033859.html", "id": "CESA-2016:0613", "title": "samba3x security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0621\n\n\nSamba is an open-source implementation of the Server Message Block (SMB)\nprotocol and the related Common Internet File System (CIFS) protocol, which\nallow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es):\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security\nAccount Manager Remote Protocol (MS-SAMR) and the Local Security Authority\n(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection\nthat a client initiates against a server could be used by a man-in-the-middle\nattacker to impersonate the authenticated user against the SAMR or LSA service\non the server. As a result, the attacker would be able to get read/write access\nto the Security Account Manager database, and use this to reveal all passwords\nor any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication.\nAn unauthenticated, man-in-the-middle attacker could use this flaw to clear the\nencryption and integrity flags of a connection, causing data to be transmitted\nin plain text. The attacker could also force the client or server into sending\ndata in plain text even if encryption was explicitly requested for that\nconnection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish\na secure communication channel with a machine using a spoofed computer name. A\nremote attacker able to observe network traffic could use this flaw to obtain\nsession-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues.\nUpstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of\nCVE-2016-2118 and CVE-2016-2110.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033861.html\n\n**Affected packages:**\nlibsmbclient\nlibsmbclient-devel\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0621.html", "modified": "2016-04-13T00:30:21", "published": "2016-04-13T00:30:21", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033861.html", "id": "CESA-2016:0621", "title": "libsmbclient, samba security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:25:05", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:0612\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033852.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033854.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033855.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033856.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033857.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033858.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033860.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033862.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033863.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033864.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033865.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033866.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033867.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-April/033868.html\n\n**Affected packages:**\nctdb\nctdb-devel\nctdb-tests\nipa\nipa-admintools\nipa-client\nipa-python\nipa-server\nipa-server-dns\nipa-server-selinux\nipa-server-trust-ad\nldb-tools\nlibldb\nlibldb-devel\nlibsmbclient\nlibsmbclient-devel\nlibtalloc\nlibtalloc-devel\nlibtdb\nlibtdb-devel\nlibtevent\nlibtevent-devel\nlibwbclient\nlibwbclient-devel\nopenchange\nopenchange-client\nopenchange-devel\nopenchange-devel-docs\npyldb\npyldb-devel\npytalloc\npytalloc-devel\npython-tdb\npython-tevent\nsamba\nsamba-client\nsamba-client-libs\nsamba-common\nsamba-common-libs\nsamba-common-tools\nsamba-dc\nsamba-dc-libs\nsamba-devel\nsamba-libs\nsamba-pidl\nsamba-python\nsamba-test\nsamba-test-devel\nsamba-test-libs\nsamba-vfs-glusterfs\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-krb5-locator\nsamba-winbind-modules\nsamba4\nsamba4-client\nsamba4-common\nsamba4-dc\nsamba4-dc-libs\nsamba4-devel\nsamba4-libs\nsamba4-pidl\nsamba4-python\nsamba4-test\nsamba4-winbind\nsamba4-winbind-clients\nsamba4-winbind-krb5-locator\ntdb-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0612.html", "modified": "2016-04-13T03:11:17", "published": "2016-04-13T00:13:42", "href": "http://lists.centos.org/pipermail/centos-announce/2016-April/033852.html", "id": "CESA-2016:0612", "title": "ctdb, ipa, ldb, libldb, libsmbclient, libtalloc, libtdb, libtevent, libwbclient, openchange, pyldb, pytalloc, python, samba, samba4, tdb security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:42:33", "bulletinFamily": "unix", "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint\n function\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n", "modified": "2016-04-13T20:07:50", "published": "2016-04-13T20:07:50", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00024.html", "id": "SUSE-SU-2016:1028-1", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:23:19", "bulletinFamily": "unix", "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close call.\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel.\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel\n from libsamba-passdb-devel while not providing it.\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - bsc#924519: Upgrade on-disk FSRVP server state to new version.\n - bsc#968973: Only obsolete but do not provide gplv2/3 package names.\n - bso#6482: s3:utils/smbget: Fix recursive download.\n - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a\n filesystem with no ACL support.\n - bso#11643: docs: Add example for domain logins to smbspool man page.\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n - bso#11708: loadparm: Fix memory leak issue.\n - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.\n - bso#11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped\n ...".\n - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when\n creating a new file.\n - bso#11732: param: Fix str_list_v3 to accept ";" again.\n - bso#11740: Real memeory leak(buildup) issue in loadparm.\n\n", "modified": "2016-04-13T00:13:24", "published": "2016-04-13T00:13:24", "id": "SUSE-SU-2016:1024-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00022.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:14:50", "bulletinFamily": "unix", "description": "samba was updated to fix seven security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n These non-security issues were fixed:\n - bsc#967017: Fix leaking memory in libsmbclient in cli_set_mntpoint\n function\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n\n", "modified": "2016-04-13T00:11:56", "published": "2016-04-13T00:11:56", "id": "SUSE-SU-2016:1023-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:15:18", "bulletinFamily": "unix", "description": "Samba was updated to the 4.2.x codestream, bringing some new features and\n security fixes (bsc#973832, FATE#320709).\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n\n Also the following fixes were done:\n - Upgrade on-disk FSRVP server state to new version; (bsc#924519).\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (bsc#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (bsc#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept ";" again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (bsc#972197).\n - Getting and setting Windows ACLs on symlinks can change permissions on\n link\n - Only obsolete but do not provide gplv2/3 package names; (bsc#968973).\n - Enable clustering (CTDB) support; (bsc#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (bsc#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; (bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (bsc#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n\n", "modified": "2016-04-13T00:08:02", "published": "2016-04-13T00:08:02", "id": "SUSE-SU-2016:1022-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:43", "bulletinFamily": "unix", "description": "- CVE-2015-5370 (arbitrary code execution)\n\nMultiple flaws were found in Samba's DCE/RPC protocol implementation. A\nremote, authenticated attacker could use these flaws to cause a denial\nof service against the Samba server (high CPU load or a crash) or,\npossibly, execute arbitrary code with the permissions of the user\nrunning Samba (root). This flaw could also be used to downgrade a secure\nDCE/RPC connection by a man-in-the-middle attacker taking control of an\nActive Directory (AD) object and compromising the security of a Samba\nActive Directory Domain Controller (DC).\n\n- CVE-2016-2110 (man-in-the-middle)\n\nSeveral flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could use\nthis flaw to clear the encryption and integrity flags of a connection,\ncausing data to be transmitted in plain text. The attacker could also\nforce the client or server into sending data in plain text even if\nencryption was explicitly requested for that connection.\n\n- CVE-2016-2111 (information disclosure)\n\nAn authentication flaw was found in Samba. When Samba is configured to\nact as a Domain Controller, it allows remote attackers to spoof the\ncomputer name of a secure channel's endpoints. The attacker could\nexploit this flaw to obtain sensitive session information by running a\ncrafted application and leveraging the ability to sniff network traffic.\n\n- CVE-2016-2112 (man-in-the-middle)\n\nIt was found that Samba's LDAP implementation did not enforce integrity\nprotection for LDAP connections. A man-in-the-middle attacker could use\nthis flaw to downgrade LDAP connections to use no integrity protection,\nallowing them to hijack such connections.\n\n- CVE-2016-2113 (man-in-the-middle)\n\nIt was found that while having a support for TLS/SSL for some protocols\nlike ldap and http, certificates are not validated at all. When having a\n"tls cafile" option, configured certificate is not used to validate the\nserver certificate.\n\n- CVE-2016-2114 (man-in-the-middle)\n\nIt was found that Samba based active directory domain controller does\nnot enforce smb signing and opens possibility for man-in-the-middle attacks.\nWhen Samba is configured as a Domain Controller, the default for the\n"server signing" should be "mandatory". During the early development of\nSamba 4 a new experimental file server located under source4/smb_server\nwas used. But before the final 4.0.0 release upstream switched back to\nthe file server under source3/smbd. But the logic for the correct\ndefault of "server signing" was not ported.\n\n- CVE-2016-2115 (man-in-the-middle)\n\nIt was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw to\nview and modify the data sent between a Samba server and a client.\n\n- CVE-2016-2118 (man-in-the-middle)\n\nIt was reported that various samba versions are vulnerable to man in the\nmiddle attack where attacker can intercept any DCERPC traffic between a\nclient and a server in order to impersonate the client and get the same\nprivileges as the authenticated user account. This is most problematic\nagainst active directory domain controllers.", "modified": "2016-04-23T00:00:00", "published": "2016-04-23T00:00:00", "id": "ASA-201604-13", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html", "type": "archlinux", "title": "samba: multiple issues", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:20:58", "bulletinFamily": "unix", "description": "USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the \u201cclient ipc signing\u201d parameter to \u201cauto\u201d.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments.", "modified": "2016-05-18T00:00:00", "published": "2016-05-18T00:00:00", "id": "USN-2950-4", "href": "https://usn.ubuntu.com/2950-4/", "title": "Samba regressions", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:22:19", "bulletinFamily": "unix", "description": "Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments.", "modified": "2016-04-18T00:00:00", "published": "2016-04-18T00:00:00", "id": "USN-2950-1", "href": "https://usn.ubuntu.com/2950-1/", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T19:21:55", "bulletinFamily": "unix", "description": "USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues.\n\nThis update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS.\n\nThis advisory was inadvertently published as USN-2950-2 originally.\n\nOriginal advisory details:\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments.", "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "id": "USN-2950-3", "href": "https://usn.ubuntu.com/2950-3/", "title": "Samba regressions", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:45", "bulletinFamily": "unix", "description": "\nSamba team reports:\n\n[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service\n\t (crashes and high cpu consumption) and man in the middle attacks.\n[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected.\n\t A man in the middle is able to clear even required flags, especially\n\t NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.\n[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote\n\t attackers to spoof the computer name of a secure channel's endpoints, and obtain\n\t sensitive session information, by running a crafted application and leveraging\n\t the ability to sniff network traffic.\n[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections\n\t to no integrity protection.\n[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP\n\t connections (with ldaps://) and ncacn_http connections (with https://).\n[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.\n[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is\n\t the default for most the file server related protocols) is inherited from the underlying SMB connection.\n[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic\n\t between a client and a server in order to impersonate the client and get the same privileges\n\t as the authenticated user account. This is most problematic against active directory domain controllers.\n\n", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "A636FC26-00D9-11E6-B704-000C292E4FD8", "href": "https://vuxml.freebsd.org/freebsd/a636fc26-00d9-11e6-b704-000c292e4fd8.html", "title": "samba -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:54", "bulletinFamily": "software", "description": "Samba and Windows Vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nSamba, Microsoft Windows\n\n# Versions Affected\n\n * The following versions of Samba are affected: 3.6.x, 4.0.x, 4.1.x, 4.2.0-4.2.9, 4.3.0-4.3.6, and 4.4.0. \n * The affected Microsoft Windows versions can be viewed here: <https://technet.microsoft.com/library/security/MS16-047>. \n\n# Description\n\nThere are several MITM attacks that can be performed against a variety of protocols used by Samba. These would permit execution of arbitrary Samba network calls using the context of the intercepted user. Impact examples of intercepting administrator network traffic include viewing or modifying certain types of private data on Samba servers. Additionally, Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service.\n\n# Affected Products and Versions\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team has determined that the project is not exposed to this vulnerability and therefore does not require any upgrades. \n\n# Credit\n\nStefan Metzmacher\n\n# References\n\n * <http://badlock.org/>\n * <https://www.samba.org/samba/security/CVE-2016-2118.html>\n * <https://technet.microsoft.com/library/security/MS16-047>\n * <https://www.samba.org/samba/security/CVE-2015-5370.html>\n * <https://www.samba.org/samba/security/CVE-2016-2110.html>\n * <https://www.samba.org/samba/security/CVE-2016-2111.html>\n * <https://www.samba.org/samba/security/CVE-2016-2112.html>\n * <https://www.samba.org/samba/security/CVE-2016-2113.html>\n * <https://www.samba.org/samba/security/CVE-2016-2114.html>\n * <https://www.samba.org/samba/security/CVE-2016-2115.html>\n", "modified": "2016-04-14T00:00:00", "published": "2016-04-14T00:00:00", "id": "CFOUNDRY:13FFB9F76900A33F4D6751D02C276E8D", "href": "https://www.cloudfoundry.org/blog/samba-and-windows-vulnerabilities/", "title": "Samba and Windows Vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:54", "bulletinFamily": "unix", "description": "New samba packages are available for Slackware 14.0, 14.1, and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/samba-4.2.11-i486-1_slack14.1.txz: Upgraded.\n This update fixes the security issues known as "badlock" (or "sadlock"),\n which may allow man-in-the-middle or denial-of-service attacks:\n CVE-2015-5370 (Multiple errors in DCE-RPC code)\n CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)\n CVE-2016-2111 (NETLOGON Spoofing Vulnerability)\n CVE-2016-2112 (LDAP client and server don't enforce integrity)\n CVE-2016-2113 (Missing TLS certificate validation)\n CVE-2016-2114 ("server signing = mandatory" not enforced)\n CVE-2016-2115 (SMB IPC traffic is not integrity protected)\n CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/samba-4.2.11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/samba-4.2.11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.2.11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.2.11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.4.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.4.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n2380bc0ddc5f60c28312bcd7b56ab2be samba-4.2.11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd6189a5d2293af40767bc3805d649144 samba-4.2.11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n7d31cf705ccf10346fb0718bc4d9ee3d samba-4.2.11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\na3db506941de422e75f18a854d82c95f samba-4.2.11-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nef51645624e6707f01060ba491ec3dfd n/samba-4.4.2-i586-1.txz\n\nSlackware x86_64 -current package:\n2ad90a74923e18b3c3616ef66fc6237a n/samba-4.4.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-4.2.11-i486-1_slack14.0.txz\n\nThen, if Samba is running restart it:\n\n > /etc/rc.d/rc.samba restart", "modified": "2016-04-15T13:48:27", "published": "2016-04-15T13:48:27", "id": "SSA-2016-106-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012", "title": "samba", "type": "slackware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:44", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3548-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112\n CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:\n\nCVE-2015-5370\n\n Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC\n code which can lead to denial of service (crashes and high cpu\n consumption) and man-in-the-middle attacks.\n\nCVE-2016-2110\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that the\n feature negotiation of NTLMSSP does not protect against downgrade\n attacks.\n\nCVE-2016-2111\n\n When Samba is configured as domain controller, it allows remote\n attackers to spoof the computer name of a secure channel's endpoint,\n and obtain sensitive session information. This flaw corresponds to\n the same vulnerability as CVE-2015-0005 for Windows, discovered by\n Alberto Solino from Core Security.\n\nCVE-2016-2112\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can downgrade LDAP connections to avoid\n integrity protection.\n\nCVE-2016-2113\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that\n man-in-the-middle attacks are possible for client triggered LDAP\n connections and ncacn_http connections.\n\nCVE-2016-2114\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that Samba\n does not enforce required smb signing even if explicitly configured.\n\nCVE-2016-2115\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that SMB\n connections for IPC traffic are not integrity-protected.\n\nCVE-2016-2118\n\n Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can intercept any DCERPC traffic between\n a client and a server in order to impersonate the client and obtain\n the same privileges as the authenticated user account.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected\nby CVE-2016-2113 and CVE-2016-2114.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading\nto the new upstream version 4.2.10, which includes additional changes\nand bugfixes. The depending libraries ldb, talloc, tdb and tevent\nrequired as well an update to new upstream versions for this update.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.7+dfsg-1.\n\nPlease refer to\n\n https://www.samba.org/samba/latest_news.html#4.4.2\nhttps://www.samba.org/samba/history/samba-4.2.0.html\nhttps://www.samba.org/samba/history/samba-4.2.10.html\n\nfor further details (in particular for new options and defaults).\n\nWe'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),\nStefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)\nfor the massive backporting work required to support Samba 3.6 and Samba\n4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent\nfor their help in preparing updates of Samba and the underlying\ninfrastructure libraries.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2016-04-13T20:42:21", "published": "2016-04-13T20:42:21", "id": "DEBIAN:DSA-3548-1:02A5F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00123.html", "title": "[SECURITY] [DSA 3548-1] samba security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
