#VU32348 Input validation error in Samba - CVE-2015-5296


| Updated: 2020-07-28

Vulnerability identifier: #VU32348

Vulnerability risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-5296

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 4.1.0 - 4.1.21, 4.2.0 - 4.2.6, 4.3.0 - 4.3.2

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html
https://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html
https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
https://www.debian.org/security/2016/dsa-3433
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://www.securityfocus.com/bid/79732
https://www.securitytracker.com/id/1034493
https://www.ubuntu.com/usn/USN-2855-1
https://www.ubuntu.com/usn/USN-2855-2
https://bugzilla.redhat.com/show_bug.cgi?id=1290292
https://git.samba.org/?p=samba.git;a=commit;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://git.samba.org/?p=samba.git;a=commit;h=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://git.samba.org/?p=samba.git;a=commit;h=d724f835acb9f4886c0001af32cd325dbbf1f895
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
https://security.gentoo.org/glsa/201612-47
https://www.samba.org/samba/security/CVE-2015-5296.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HPE HP-UX CIFS-Server (Samba)
Input validation error in samba (Alpine package)
SUSE Linux update for samba
Amazon Linux AMI update for samba
SUSE Linux update for samba
Input validation error in Samba
OpenSUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent
SUSE Linux update for ldb, samba, talloc, tdb, tevent