Red Hat Enterprise Linux 5 update for samba

1) Man-in-the-middle attack

EUVDB-ID: #VU235

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2110

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the failure to protect the feature negotiation of NTLMSSP from a downgrade. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL flags and perform downgrade attacks.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server from RHUI: 5.0

Red Hat Enterprise Linux for IBM z Systems: 5.0

Red Hat Enterprise Linux Workstation: 5.0

Red Hat Enterprise Linux Server: 5.0

Red Hat Enterprise Linux Desktop: 5

samba (Red Hat package): before 3.0.33-3.41.el5_11

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_from_rhui:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:samba_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2016:0621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU236

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2111

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to to conduct spoofing attacks.

The vulnerability exists due to an error in the NETLOGON service when a Domain Controller is configured. A remote unauthenticated attacker can conduct spoofing attacks by using a specially crafted application to connect to another domain joined system and access session-related information of the spoofed computer.

Successful exploitation of this vulnerability may result in disclosure of user information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server from RHUI: 5.0

Red Hat Enterprise Linux for IBM z Systems: 5.0

Red Hat Enterprise Linux Workstation: 5.0

Red Hat Enterprise Linux Server: 5.0

Red Hat Enterprise Linux Desktop: 5

samba (Red Hat package): before 3.0.33-3.41.el5_11

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_from_rhui:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:samba_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2016:0621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Man-in-the-middle attack

EUVDB-ID: #VU241

Risk: High

CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-2118

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the system.

The vulnerability exists due to the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. A remote attacker can gain elevated privileges on the system by using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database.

Successful exploitation of this vulnerability may result in disclosere of sytem information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server from RHUI: 5.0

Red Hat Enterprise Linux for IBM z Systems: 5.0

Red Hat Enterprise Linux Workstation: 5.0

Red Hat Enterprise Linux Server: 5.0

Red Hat Enterprise Linux Desktop: 5

samba (Red Hat package): before 3.0.33-3.41.el5_11

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_from_rhui:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:samba_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2016:0621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Man-in-the-middle attack

EUVDB-ID: #VU237

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2112

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the failure to enforce integrity protection by the LDAP client and server. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to downgrade LDAP connections.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server from RHUI: 5.0

Red Hat Enterprise Linux for IBM z Systems: 5.0

Red Hat Enterprise Linux Workstation: 5.0

Red Hat Enterprise Linux Server: 5.0

Red Hat Enterprise Linux Desktop: 5

samba (Red Hat package): before 3.0.33-3.41.el5_11

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_from_rhui:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:samba_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2016:0621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Man-in-the-middle attack

EUVDB-ID: #VU240

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2115

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to to bypass security restrictions.

The vulnerability exists due to the failure to protect the integrity of SMB client connections for IPC traffic. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to perform unauthorized actions.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server from RHUI: 5.0

Red Hat Enterprise Linux for IBM z Systems: 5.0

Red Hat Enterprise Linux Workstation: 5.0

Red Hat Enterprise Linux Server: 5.0

Red Hat Enterprise Linux Desktop: 5

samba (Red Hat package): before 3.0.33-3.41.el5_11

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_from_rhui:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:5.0:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:a:red_hat:samba_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2016:0621

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.