Ubuntu update for Samba



| Updated: 2018-11-22
Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
CWE-ID CWE-400
CWE-300
CWE-290
Exploitation vector Network
Public exploit N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU234

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-5370

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper validation of DCE-RPC packets by the DCE-RPC client and server implementations. A remote attacker can downgrade a secure connection to an insecure one and consume a large amount of CPU resources by using man-in-the-middle techniques.

Successful exploitation of this vulnerability may result in a a denial of service.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3 External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU235

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2110

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the failure to protect the feature negotiation of NTLMSSP from a downgrade. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL flags and perform downgrade attacks.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Man-in-the-middle attack

EUVDB-ID: #VU236

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2111

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to to conduct spoofing attacks.

The vulnerability exists due to an error in the NETLOGON service when a Domain Controller is configured. A remote unauthenticated attacker can conduct spoofing attacks by using a specially crafted application to connect to another domain joined system and access session-related information of the spoofed computer.

Successful exploitation of this vulnerability may result in disclosure of user information.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Man-in-the-middle attack

EUVDB-ID: #VU237

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2112

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the failure to enforce integrity protection by the LDAP client and server. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to downgrade LDAP connections.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Man-in-the-middle attack

EUVDB-ID: #VU238

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2113

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to to bypass security restrictions.

The vulnerability exists due to the failure to validate TLS certificates. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to perform unauthorized actions.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Man-in-the-middle attack

EUVDB-ID: #VU239

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2114

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to to bypass security restrictions.

The vulnerability exists due to the failure to enforce required smb signing. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to perform unauthorized actions.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Man-in-the-middle attack

EUVDB-ID: #VU240

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2115

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to to bypass security restrictions.

The vulnerability exists due to the failure to protect the integrity of SMB client connections for IPC traffic. A remote unauthenticated attacker can bypass security restrictions by using man-in-the-middle techniques to perform unauthorized actions.

Successful exploitation of this vulnerability may result in security restrictions bypass.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Man-in-the-middle attack

EUVDB-ID: #VU241

Risk: High

CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-2118

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the system.

The vulnerability exists due to the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. A remote attacker can gain elevated privileges on the system by using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database.

Successful exploitation of this vulnerability may result in disclosere of sytem information.

Mitigation

Update the affected packages

Ubuntu 16.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.16.04.2
Ubuntu 15.10:
samba 2:4.3.9+dfsg-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
samba 2:4.3.9+dfsg-0ubuntu0.14.04.3

Vulnerable software versions

Ubuntu: 14.04 - 16.04

CPE2.3
External links

https://www.ubuntu.com/usn/usn-2950-5/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###