Debian Security Advisory
DSA-3433-1 samba -- security update
- Date Reported:
- 02 Jan 2016
- Affected Packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467.
- More information:
-
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues:
- CVE-2015-3223
Thilo Uttendorfer of Linux Information Systems AG discovered that a malicious request can cause the Samba LDAP server to hang, spinning using CPU. A remote attacker can take advantage of this flaw to mount a denial of service.
- CVE-2015-5252
Jan
Yenya
Kasprzak and the Computer Systems Unit team at Faculty of Informatics, Masaryk University discovered that insufficient symlink verification could allow data access outside an exported share path. - CVE-2015-5296
Stefan Metzmacher of SerNet discovered that Samba does not ensure that signing is negotiated when creating an encrypted client connection to a server. This allows a man-in-the-middle attacker to downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection.
- CVE-2015-5299
It was discovered that a missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.
- CVE-2015-5330
Douglas Bagnall of Catalyst discovered that the Samba LDAP server is vulnerable to a remote memory read attack. A remote attacker can obtain sensitive information from daemon heap memory by sending crafted packets and then either read an error message, or a database value.
- CVE-2015-7540
It was discovered that a malicious client can send packets that cause the LDAP server provided by the AD DC in the samba daemon process to consume unlimited memory and be terminated.
- CVE-2015-8467
Andrew Bartlett of the Samba Team and Catalyst discovered that a Samba server deployed as an AD DC can expose Windows DCs in the same domain to a denial of service via the creation of multiple machine accounts. This issue is related to the MS15-096 / CVE-2015-2535 security issue in Windows.
For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u6. The oldstable distribution (wheezy) is only affected by CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299.
For the stable distribution (jessie), these problems have been fixed in version 2:4.1.17+dfsg-2+deb8u1. The fixes for CVE-2015-3223 and CVE-2015-5330 required an update to ldb 2:1.1.17-2+deb8u1 to correct the defects.
For the unstable distribution (sid), these problems have been fixed in version 2:4.1.22+dfsg-1. The fixes for CVE-2015-3223 and CVE-2015-5330 required an update to ldb 2:1.1.24-1 to correct the defects.
We recommend that you upgrade your samba packages.
- CVE-2015-3223