RHSA-2016:0611-01 -- Redhat sambaID: oval:org.secpod.oval:def:501805 | Date: (C)2016-04-13 (M)2023-12-20 |
Class: PATCH | Family: unix |
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server or, possibly, execute arbitrary code with the permissions of the user running Samba . This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory object and compromising the security of a Samba Active Directory Domain Controller . Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol and the Local Security Authority Remote Protocol . Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. * It was found that Samba"s LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen as the original reporter of CVE-2015-5370; and Stefan Metzmacher as the original reporter of CVE-2016-2118, CVE-2016-2112, and CVE-2016-2115.
Platform: |
Red Hat Enterprise Linux 6 |