Lucene search
K

Debian Security Advisory DSA 3740-1 (samba - security update)

🗓️ 19 Dec 2016 00:00:00Reported by Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.netType 
openvas
 openvas
🔗 plugins.openvas.org👁 43 Views

Debian Security Advisory DSA 3740-1 (samba - security update) for Unix systems. Vulnerabilities: CVE-2016-2119, CVE-2016-2123, CVE-2016-2125, CVE-2016-212

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin:Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2119)
18 Jun 201800:28
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Samba, BIND and Libreswan affect IBM Netezza Host Management
18 Oct 201903:10
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL and Samba affects IBM Netezza Host Management
18 Oct 201903:10
ibm
IBM Security Bulletins
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2125, CVE-2016-2126)
18 Jun 201800:32
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in Bluemix
15 Jun 201807:07
ibm
IBM Security Bulletins
Security Bulletin: IBM® DB2® LUW on AIX and Linux Affected by a Vulnerability in GPFS (CVE-2016-2119)
16 Jun 201813:44
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in Open Source NTP and ISC BIND affect IBM Netezza Host Management
18 Oct 201903:10
ibm
IBM Security Bulletins
Security Bulletin: Samba vulnerability issue in IBM SONAS (CVE-2016-2119)
18 Jun 201800:28
ibm
IBM Security Bulletins
Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 )
18 Jun 201800:32
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125)
1 Aug 201819:05
ibm
Rows per page
# OpenVAS Vulnerability Test
# $Id: deb_3740.nasl 6608 2017-07-07 12:05:05Z cfischer $
# Auto-generated from advisory DSA 3740-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703740);
    script_version("$Revision: 6608 $");
    script_cve_id("CVE-2016-2119", "CVE-2016-2123", "CVE-2016-2125", "CVE-2016-2126");
    script_name("Debian Security Advisory DSA 3740-1 (samba - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $");
    script_tag(name: "creation_date", value: "2016-12-19 00:00:00 +0100 (Mon, 19 Dec 2016)");
    script_tag(name: "cvss_base", value: "10.0");
    script_tag(name: "cvss_base_vector", value: "AV:N/AC:L/Au:N/C:C/I:C/A:C");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2016/dsa-3740.html");

    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "samba on Debian Linux");
    script_tag(name: "insight",   value: "Samba is an implementation of the
SMB/CIFS protocol for Unix systems, providing support for cross-platform file and
printer sharing with Microsoft Windows, OS X, and other Unix systems. Samba can
also function as an NT4-style domain controller, and can integrate with both NT4
domains and Active Directory realms as a member server.");
    script_tag(name: "solution",  value: "For the stable distribution (jessie),
these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u2. In addition, this
update contains several changes originally targeted for the upcoming jessie point
release.

We recommend that you upgrade your samba packages.");
    script_tag(name: "summary",   value: "Several vulnerabilities have been
discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common
Vulnerabilities and Exposures project identifies the following issues:

CVE-2016-2119 
Stefan Metzmacher discovered that client-side SMB2/3 required
signing can be downgraded, allowing a man-in-the-middle attacker to
impersonate a server being connected to by Samba, and return
malicious results.

CVE-2016-2123 
Trend Micro's Zero Day Initiative and Frederic Besler discovered
that the routine ndr_pull_dnsp_name, used to parse data from the
Samba Active Directory ldb database, contains an integer overflow
flaw, leading to an attacker-controlled memory overwrite. An
authenticated user can take advantage of this flaw for remote
privilege escalation.

CVE-2016-2125Simo Sorce of Red Hat discovered that the Samba client code always
requests a forwardable ticket when using Kerberos authentication. A
target server, which must be in the current or trusted domain/realm,
is given a valid general purpose Kerberos Ticket Granting Ticket 

(TGT), which can be used to fully impersonate the authenticated user
or service.

CVE-2016-2126 
Volker Lendecke discovered several flaws in the Kerberos PAC
validation. A remote, authenticated, attacker can cause the winbindd
process to crash using a legitimate Kerberos ticket due to incorrect
handling of the PAC checksum. A local service with access to the
winbindd privileged pipe can cause winbindd to cache elevated access
permissions.");
    script_tag(name: "vuldetect", value: "This check tests the installed
software version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"ctdb", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libnss-winbind:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libnss-winbind:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libpam-smbpass:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libpam-smbpass:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libpam-winbind:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libpam-winbind:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libparse-pidl-perl", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbclient:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbclient:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libsmbclient-dev:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbclient-dev:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libsmbsharemodes-dev:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbsharemodes-dev:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libsmbsharemodes0:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libsmbsharemodes0:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libwbclient-dev:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libwbclient-dev:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libwbclient0:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libwbclient0:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"python-samba", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"registry-tools", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-common", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-common-bin", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-dbg", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-dev", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-doc", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-dsdb-modules", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-libs:amd64", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-libs:i386", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"samba-testsuite", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"samba-vfs-modules", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"smbclient", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"winbind", ver:"2:4.2.14+dfsg-0+deb8u2", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Jul 2017 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.09199
43