Date: Tue, 12 Apr 2016 18:49:29 +0000 (UTC)
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r413154 - head/security/vuxml
Message-ID: <201604121849.u3CInTlg000373@repo.freebsd.org>
Author: timur
Date: Tue Apr 12 18:49:29 2016
New Revision: 413154
URL: https://svnweb.freebsd.org/changeset/ports/413154

Log:
  Multiple vulnerabilities in Samba.

  [CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.

  [CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

  [CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.

  [CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.

  [CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).

  [CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.

  [CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection.

  [CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.

Security: CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 Sponsored by: Micro$oft Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Apr 12 18:19:45 2016 (r413153) +++ head/security/vuxml/vuln.xml Tue Apr 12 18:49:29 2016 (r413154) 
@@ -58,6 +58,85 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a636fc26-00d9-11e6-b704-000c292e4fd8"> + <topic>samba -- multiple vulnerabilities</topic> + <affects> + <package> + <name>samba36</name> + <range><ge>3.6.0</ge><le>3.6.25_3</le></range> + </package> + <package> + <name>samba4</name> + <range><ge>4.0.0</ge><le>4.0.26</le></range> + </package> + <package> + <name>samba41</name> + <range><ge>4.1.0</ge><le>4.1.23</le></range> + </package> + <package> + <name>samba42</name> + <range><ge>4.2.0</ge><lt>4.2.11</lt></range> + </package> + <package> + <name>samba43</name> + <range><ge>4.3.0</ge><lt>4.3.8</lt></range> + </package> + <package> + <name>samba44</name> + <range><ge>4.4.0</ge><lt>4.4.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Samba team reports:</p> + <blockquote cite="https://www.samba.org/samba/latest_news.html#4.4.2"> + <p>[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service + (crashes and high cpu consumption) and man in the middle attacks.</p> + <p>[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. 
+ A man in the middle is able to clear even required flags, especially + NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.</p> + <p>[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote + attackers to spoof the computer name of a secure channel's endpoints, and obtain + sensitive session information, by running a crafted application and leveraging + the ability to sniff network traffic.</p> + <p>[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections + to no integrity protection.</p> + <p>[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP + connections (with ldaps://) and ncacn_http connections (with https://).</p> + <p>[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.</p> + <p>[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is + the default for most the file server related protocols) is inherited from the underlying SMB connection.</p> + <p>[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic + between a client and a server in order to impersonate the client and get the same privileges + as the authenticated user account. 
This is most problematic against active directory domain controllers.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-5370</cvename> + <url>https://www.samba.org/samba/security/CVE-2015-5370.html</url> + <cvename>CVE-2016-2110</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2110.html</url> + <cvename>CVE-2016-2111</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2111.html</url> + <cvename>CVE-2016-2112</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2112.html</url> + <cvename>CVE-2016-2113</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2113.html</url> + <cvename>CVE-2016-2114</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2114.html</url> + <cvename>CVE-2016-2115</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2115.html</url> + <cvename>CVE-2016-2118</cvename> + <url>https://www.samba.org/samba/security/CVE-2016-2118.html</url> + </references> + <dates> + <discovery>2016-04-12</discovery> + <entry>2016-04-12</entry> + <modified>2016-04-12</modified> + </dates> + </vuln> + <vuln vid="482d40cb-f9a3-11e5-92ce-002590263bf5"> <topic>php -- multiple vulnerabilities</topic> <affects>
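Review bot: In the samba36, samba4 and samba41 `<range>` elements the upper bound is an inclusive `<le>` pinned to a specific port version (`<le>3.6.25_3</le>`, `<le>4.0.26</le>`, `<le>4.1.23</le>`), whereas samba42, samba43 and samba44 use `<lt>` on a fixed release. The commit log does not say that fixed versions of those three ports exist; if they do not, any later PORTREVISION or version bump that lacks the fixes would fall outside the range and no longer match this entry. Either drop the upper bound for the unfixed branches, or name the fixing revision in the log and express it as `<lt>` like the 4.2 to 4.4 ranges. Separately, the `<modified>` element in `<dates>` repeats the `<entry>` date on a brand-new entry and can be left out until the entry is actually revised.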