samba: Several vulnerabilities (CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467)
CVE-2015-3223: libldb: Remote DoS in Samba (AD) LDAP server
All versions of Samba from 4.0.0 to 4.3.2 inclusive are vulnerable to a denial of service attack in the samba daemon LDAP server.
Fixed In Version:
ldb 1.1.24
CVE-2015-5252: Insufficient symlink verification in smbd
All versions of Samba from 3.0.0 to 4.3.2 inclusive are vulnerable to a bug in symlink verification, which under certain circumstances could allow client access to files outside the exported share path.
Fixed In Version:
samba 4.1.22, samba 4.2.7, samba 4.3.3
CVE-2015-5296: client requesting encryption vulnerable to downgrade attack
Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that signing is negotiated when creating an encrypted client connection to a server.
Fixed In Version:
samba 4.1.22, samba 4.2.7, samba 4.3.3
CVE-2015-5299: Missing access control check in shadow copy code
All versions of Samba from 3.2.0 to 4.3.1 inclusive are vulnerable to
a missing access control check in the vfs_shadow_copy2 module. When
looking for the shadow copy directory under the share path the current
accessing user should have DIRECTORY_LIST access rights in order to
view the current snapshots.
Fixed In Version:
samba 4.1.22, samba 4.2.7, samba 4.3.3
CVE-2015-5330: samba, ldb: remote memory read in the Samba LDAP server
Fixed In Version:
ldb 1.1.24, samba 4.1.22, samba 4.2.7, samba 4.3.3
CVE-2015-7540: DoS to AD-DC due to insufficient checking of asn1 memory allocation
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
Fixed In Version:
samba 4.1.22, samba 4.2.0
CVE-2015-8467: Denial of service attack against Windows Active Directory server.
Samba, operating as an AD DC, is sometimes operated in a domain with a
mix of Samba and Windows Active Directory Domain Controllers.
All versions of Samba from 4.0.0 to 4.3.2 inclusive, when deployed as
an AD DC in the same domain with Windows DCs, could be used to
override the protection against the MS15-096 / CVE-2015-2535 security
issue in Windows.
References:
https://www.samba.org/samba/security/CVE-2015-3223.html
https://www.samba.org/samba/security/CVE-2015-5252.html
https://www.samba.org/samba/security/CVE-2015-5296.html
https://www.samba.org/samba/security/CVE-2015-5299.html
https://www.samba.org/samba/security/CVE-2015-5330.html
https://www.samba.org/samba/security/CVE-2015-7540.html
https://www.samba.org/samba/security/CVE-2015-8467.html
Upstream commits:
https://git.samba.org/?p=samba.git;a=commitdiff;h=ec504dbf69636a554add1f3d5703dd6c3ad450b8
https://git.samba.org/?p=samba.git;a=commitdiff;h=aa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
https://git.samba.org/?p=samba.git;a=commitdiff;h=4278ef25f64d5fdbf432ff1534e275416ec9561e
https://git.samba.org/?p=samba.git;a=commitdiff;h=d724f835acb9f4886c0001af32cd325dbbf1f895
https://git.samba.org/?p=samba.git;a=commitdiff;h=1ba49b8f389eda3414b14410c7fbcb4041ca06b1
https://git.samba.org/?p=samba.git;a=commitdiff;h=a819d2b440aafa3138d95ff6e8b824da885a70e9
https://git.samba.org/?p=samba.git;a=commitdiff;h=675fd8d771f9d43e354dba53ddd9b5483ae0a1d7
https://git.samba.org/?p=samba.git;a=commitdiff;h=ba5dbda6d0174a59d221c45cca52ecd232820d48
https://git.samba.org/?p=samba.git;a=commitdiff;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b
https://git.samba.org/?p=samba.git;a=commitdiff;h=538d305de91e34a2938f5f219f18bf0e1918763f
https://git.samba.org/?p=samba.git;a=commitdiff;h=530d50a1abdcdf4d1775652d4c456c1274d83d8d
https://git.samba.org/?p=samba.git;a=commitdiff;h=9d989c9dd7a5b92d0c5d65287935471b83b6e884
(from redmine: issue id 5039, created on 2016-01-22, closed on 2016-06-15)
- Relations:
- child #5040 (closed)
- child #5041 (closed)
- child #5042 (closed)
- child #5043 (closed)
- child #5044 (closed)
- Changesets:
- Revision 47affed1 on 2016-01-27T14:04:34Z:
main/samba: security upgrade to 4.2.7 (CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-8467). Fixes #5039