(RHSA-2017:0495) Moderate: Red Hat Gluster Storage 3.2.0 samba security, bug fixes and enhancement update

2017-03-2305:04:49

access.redhat.com

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

79.2%

JSON

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.4.6). (BZ#1382287)

Security Fix(es):

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)
A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

Enhancement(s):

gluster vfs plugin now supports more than one volfile servers. Samba tries to connect to the next server on the list if one of the gluster server is not reachable. (BZ#1330081)

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64samba-debuginfo< 4.4.6-4.el7rhgssamba-debuginfo-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64samba-client-libs< 4.4.6-4.el7rhgssamba-client-libs-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64libwbclient-devel< 4.4.6-4.el7rhgslibwbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64samba-test-libs< 4.4.6-4.el7rhgssamba-test-libs-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64samba-winbind-modules< 4.4.6-4.el7rhgssamba-winbind-modules-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64samba-winbind< 4.4.6-4.el7rhgssamba-winbind-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64libsmbclient-devel< 4.4.6-4.el7rhgslibsmbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64samba-common-tools< 4.4.6-4.el7rhgssamba-common-tools-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64ctdb-tests< 4.4.6-4.el7rhgsctdb-tests-4.4.6-4.el7rhgs.x86_64.rpm
RedHat7x86_64libsmbclient< 4.4.6-4.el7rhgslibsmbclient-4.4.6-4.el7rhgs.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	x86_64	samba-debuginfo	< 4.4.6-4.el7rhgs	samba-debuginfo-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	samba-client-libs	< 4.4.6-4.el7rhgs	samba-client-libs-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	libwbclient-devel	< 4.4.6-4.el7rhgs	libwbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	samba-test-libs	< 4.4.6-4.el7rhgs	samba-test-libs-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	samba-winbind-modules	< 4.4.6-4.el7rhgs	samba-winbind-modules-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	samba-winbind	< 4.4.6-4.el7rhgs	samba-winbind-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	libsmbclient-devel	< 4.4.6-4.el7rhgs	libsmbclient-devel-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	samba-common-tools	< 4.4.6-4.el7rhgs	samba-common-tools-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	ctdb-tests	< 4.4.6-4.el7rhgs	ctdb-tests-4.4.6-4.el7rhgs.x86_64.rpm
RedHat	7	x86_64	libsmbclient	< 4.4.6-4.el7rhgs	libsmbclient-4.4.6-4.el7rhgs.x86_64.rpm