Amazon Linux AMI update for samba



Published: 2016-01-18
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2015-5252
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CWE-ID CWE-264
CWE-20
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32347

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5252

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.

Mitigation

Update the affected packages:

i686:
    samba-devel-4.2.3-11.28.amzn1.i686
    libsmbclient-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-modules-4.2.3-11.28.amzn1.i686
    ctdb-tests-4.2.3-11.28.amzn1.i686
    samba-client-4.2.3-11.28.amzn1.i686
    samba-debuginfo-4.2.3-11.28.amzn1.i686
    samba-libs-4.2.3-11.28.amzn1.i686
    samba-winbind-4.2.3-11.28.amzn1.i686
    samba-test-4.2.3-11.28.amzn1.i686
    samba-client-libs-4.2.3-11.28.amzn1.i686
    samba-common-libs-4.2.3-11.28.amzn1.i686
    libwbclient-devel-4.2.3-11.28.amzn1.i686
    ctdb-4.2.3-11.28.amzn1.i686
    samba-test-libs-4.2.3-11.28.amzn1.i686
    samba-test-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686
    samba-4.2.3-11.28.amzn1.i686
    samba-common-tools-4.2.3-11.28.amzn1.i686
    samba-winbind-clients-4.2.3-11.28.amzn1.i686
    libsmbclient-4.2.3-11.28.amzn1.i686
    samba-python-4.2.3-11.28.amzn1.i686
    libwbclient-4.2.3-11.28.amzn1.i686
    ctdb-devel-4.2.3-11.28.amzn1.i686

noarch:
    samba-pidl-4.2.3-11.28.amzn1.noarch
    samba-common-4.2.3-11.28.amzn1.noarch

src:
    samba-4.2.3-11.28.amzn1.src

x86_64:
    samba-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-4.2.3-11.28.amzn1.x86_64
    samba-winbind-4.2.3-11.28.amzn1.x86_64
    samba-test-libs-4.2.3-11.28.amzn1.x86_64
    samba-common-libs-4.2.3-11.28.amzn1.x86_64
    samba-4.2.3-11.28.amzn1.x86_64
    samba-debuginfo-4.2.3-11.28.amzn1.x86_64
    samba-devel-4.2.3-11.28.amzn1.x86_64
    ctdb-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-modules-4.2.3-11.28.amzn1.x86_64
    samba-client-4.2.3-11.28.amzn1.x86_64
    ctdb-tests-4.2.3-11.28.amzn1.x86_64
    samba-common-tools-4.2.3-11.28.amzn1.x86_64
    ctdb-4.2.3-11.28.amzn1.x86_64
    samba-python-4.2.3-11.28.amzn1.x86_64
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64
    samba-test-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-clients-4.2.3-11.28.amzn1.x86_64
    samba-client-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-devel-4.2.3-11.28.amzn1.x86_64
    samba-test-4.2.3-11.28.amzn1.x86_64
    libwbclient-devel-4.2.3-11.28.amzn1.x86_64
    libwbclient-4.2.3-11.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2016-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU32348

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5296

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Mitigation

Update the affected packages:

i686:
    samba-devel-4.2.3-11.28.amzn1.i686
    libsmbclient-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-modules-4.2.3-11.28.amzn1.i686
    ctdb-tests-4.2.3-11.28.amzn1.i686
    samba-client-4.2.3-11.28.amzn1.i686
    samba-debuginfo-4.2.3-11.28.amzn1.i686
    samba-libs-4.2.3-11.28.amzn1.i686
    samba-winbind-4.2.3-11.28.amzn1.i686
    samba-test-4.2.3-11.28.amzn1.i686
    samba-client-libs-4.2.3-11.28.amzn1.i686
    samba-common-libs-4.2.3-11.28.amzn1.i686
    libwbclient-devel-4.2.3-11.28.amzn1.i686
    ctdb-4.2.3-11.28.amzn1.i686
    samba-test-libs-4.2.3-11.28.amzn1.i686
    samba-test-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686
    samba-4.2.3-11.28.amzn1.i686
    samba-common-tools-4.2.3-11.28.amzn1.i686
    samba-winbind-clients-4.2.3-11.28.amzn1.i686
    libsmbclient-4.2.3-11.28.amzn1.i686
    samba-python-4.2.3-11.28.amzn1.i686
    libwbclient-4.2.3-11.28.amzn1.i686
    ctdb-devel-4.2.3-11.28.amzn1.i686

noarch:
    samba-pidl-4.2.3-11.28.amzn1.noarch
    samba-common-4.2.3-11.28.amzn1.noarch

src:
    samba-4.2.3-11.28.amzn1.src

x86_64:
    samba-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-4.2.3-11.28.amzn1.x86_64
    samba-winbind-4.2.3-11.28.amzn1.x86_64
    samba-test-libs-4.2.3-11.28.amzn1.x86_64
    samba-common-libs-4.2.3-11.28.amzn1.x86_64
    samba-4.2.3-11.28.amzn1.x86_64
    samba-debuginfo-4.2.3-11.28.amzn1.x86_64
    samba-devel-4.2.3-11.28.amzn1.x86_64
    ctdb-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-modules-4.2.3-11.28.amzn1.x86_64
    samba-client-4.2.3-11.28.amzn1.x86_64
    ctdb-tests-4.2.3-11.28.amzn1.x86_64
    samba-common-tools-4.2.3-11.28.amzn1.x86_64
    ctdb-4.2.3-11.28.amzn1.x86_64
    samba-python-4.2.3-11.28.amzn1.x86_64
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64
    samba-test-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-clients-4.2.3-11.28.amzn1.x86_64
    samba-client-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-devel-4.2.3-11.28.amzn1.x86_64
    samba-test-4.2.3-11.28.amzn1.x86_64
    libwbclient-devel-4.2.3-11.28.amzn1.x86_64
    libwbclient-4.2.3-11.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2016-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU32349

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5299

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.

Mitigation

Update the affected packages:

i686:
    samba-devel-4.2.3-11.28.amzn1.i686
    libsmbclient-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-modules-4.2.3-11.28.amzn1.i686
    ctdb-tests-4.2.3-11.28.amzn1.i686
    samba-client-4.2.3-11.28.amzn1.i686
    samba-debuginfo-4.2.3-11.28.amzn1.i686
    samba-libs-4.2.3-11.28.amzn1.i686
    samba-winbind-4.2.3-11.28.amzn1.i686
    samba-test-4.2.3-11.28.amzn1.i686
    samba-client-libs-4.2.3-11.28.amzn1.i686
    samba-common-libs-4.2.3-11.28.amzn1.i686
    libwbclient-devel-4.2.3-11.28.amzn1.i686
    ctdb-4.2.3-11.28.amzn1.i686
    samba-test-libs-4.2.3-11.28.amzn1.i686
    samba-test-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686
    samba-4.2.3-11.28.amzn1.i686
    samba-common-tools-4.2.3-11.28.amzn1.i686
    samba-winbind-clients-4.2.3-11.28.amzn1.i686
    libsmbclient-4.2.3-11.28.amzn1.i686
    samba-python-4.2.3-11.28.amzn1.i686
    libwbclient-4.2.3-11.28.amzn1.i686
    ctdb-devel-4.2.3-11.28.amzn1.i686

noarch:
    samba-pidl-4.2.3-11.28.amzn1.noarch
    samba-common-4.2.3-11.28.amzn1.noarch

src:
    samba-4.2.3-11.28.amzn1.src

x86_64:
    samba-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-4.2.3-11.28.amzn1.x86_64
    samba-winbind-4.2.3-11.28.amzn1.x86_64
    samba-test-libs-4.2.3-11.28.amzn1.x86_64
    samba-common-libs-4.2.3-11.28.amzn1.x86_64
    samba-4.2.3-11.28.amzn1.x86_64
    samba-debuginfo-4.2.3-11.28.amzn1.x86_64
    samba-devel-4.2.3-11.28.amzn1.x86_64
    ctdb-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-modules-4.2.3-11.28.amzn1.x86_64
    samba-client-4.2.3-11.28.amzn1.x86_64
    ctdb-tests-4.2.3-11.28.amzn1.x86_64
    samba-common-tools-4.2.3-11.28.amzn1.x86_64
    ctdb-4.2.3-11.28.amzn1.x86_64
    samba-python-4.2.3-11.28.amzn1.x86_64
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64
    samba-test-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-clients-4.2.3-11.28.amzn1.x86_64
    samba-client-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-devel-4.2.3-11.28.amzn1.x86_64
    samba-test-4.2.3-11.28.amzn1.x86_64
    libwbclient-devel-4.2.3-11.28.amzn1.x86_64
    libwbclient-4.2.3-11.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2016-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU32350

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5330

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.

Mitigation

Update the affected packages:

i686:
    samba-devel-4.2.3-11.28.amzn1.i686
    libsmbclient-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-modules-4.2.3-11.28.amzn1.i686
    ctdb-tests-4.2.3-11.28.amzn1.i686
    samba-client-4.2.3-11.28.amzn1.i686
    samba-debuginfo-4.2.3-11.28.amzn1.i686
    samba-libs-4.2.3-11.28.amzn1.i686
    samba-winbind-4.2.3-11.28.amzn1.i686
    samba-test-4.2.3-11.28.amzn1.i686
    samba-client-libs-4.2.3-11.28.amzn1.i686
    samba-common-libs-4.2.3-11.28.amzn1.i686
    libwbclient-devel-4.2.3-11.28.amzn1.i686
    ctdb-4.2.3-11.28.amzn1.i686
    samba-test-libs-4.2.3-11.28.amzn1.i686
    samba-test-devel-4.2.3-11.28.amzn1.i686
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.i686
    samba-4.2.3-11.28.amzn1.i686
    samba-common-tools-4.2.3-11.28.amzn1.i686
    samba-winbind-clients-4.2.3-11.28.amzn1.i686
    libsmbclient-4.2.3-11.28.amzn1.i686
    samba-python-4.2.3-11.28.amzn1.i686
    libwbclient-4.2.3-11.28.amzn1.i686
    ctdb-devel-4.2.3-11.28.amzn1.i686

noarch:
    samba-pidl-4.2.3-11.28.amzn1.noarch
    samba-common-4.2.3-11.28.amzn1.noarch

src:
    samba-4.2.3-11.28.amzn1.src

x86_64:
    samba-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-4.2.3-11.28.amzn1.x86_64
    samba-winbind-4.2.3-11.28.amzn1.x86_64
    samba-test-libs-4.2.3-11.28.amzn1.x86_64
    samba-common-libs-4.2.3-11.28.amzn1.x86_64
    samba-4.2.3-11.28.amzn1.x86_64
    samba-debuginfo-4.2.3-11.28.amzn1.x86_64
    samba-devel-4.2.3-11.28.amzn1.x86_64
    ctdb-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-modules-4.2.3-11.28.amzn1.x86_64
    samba-client-4.2.3-11.28.amzn1.x86_64
    ctdb-tests-4.2.3-11.28.amzn1.x86_64
    samba-common-tools-4.2.3-11.28.amzn1.x86_64
    ctdb-4.2.3-11.28.amzn1.x86_64
    samba-python-4.2.3-11.28.amzn1.x86_64
    samba-winbind-krb5-locator-4.2.3-11.28.amzn1.x86_64
    samba-test-devel-4.2.3-11.28.amzn1.x86_64
    samba-winbind-clients-4.2.3-11.28.amzn1.x86_64
    samba-client-libs-4.2.3-11.28.amzn1.x86_64
    libsmbclient-devel-4.2.3-11.28.amzn1.x86_64
    samba-test-4.2.3-11.28.amzn1.x86_64
    libwbclient-devel-4.2.3-11.28.amzn1.x86_64
    libwbclient-4.2.3-11.28.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2016-634.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###