Security Advisory Important: samba security update

Advisory: RHSA-2016:0621-2
Type: Security Advisory
Severity: Important
Issued on: 2016-04-14
Last updated on: 2016-04-14
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2016-2110, CVE-2016-2111, CVE-2016-2118

Details

An update for samba is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

[Updated 14 April 2016]
This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed
by this update. However, this issue did not affect the samba packages on Red Hat
Enterprise Linux 5. CVE-2016-2115 was also incorrectly listed as addressed by
this update. This issue does affect the samba packages on Red Hat Enterprise
Linux 5. Customers are advised to use the "client signing = required"
configuration option in the smb.conf file to mitigate CVE-2016-2115. No changes
have been made to the packages.
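To audit that mitigation on a host, the following added example (not part of the advisory or of Samba) reads smb.conf the way Samba 3.0 does: parameter names match ignoring case and whitespace, only the [global] section counts, and "yes" merely enables signing whereas "required"/"mandatory" enforce it. The sample configurations are constructed; "include =" directives are not followed.

```python
import re

# Samba matches parameter names ignoring case and whitespace, so
# "Client Signing", "clientsigning" and "client signing" are one key.
def _norm_key(key):
    return re.sub(r"\s+", "", key).lower()

# "client signing" enum values that enforce signing in Samba 3.0; "yes"/"true"
# only enable it (still negotiable) and so are not the advised mitigation.
_ENFORCING = {"required", "mandatory", "force", "forced"}
_DEFAULT = "auto"  # value Samba 3.0 uses when the parameter is absent

def parse_smb_conf(text):
    """Return {section: {normalized_key: value}}; later assignments win."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or full-line comment
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue                      # stray text before any section
        key, _, value = line.partition("=")
        sections[current][_norm_key(key)] = value.strip().lower()
    return sections

def client_signing_effective(text):
    """Effective 'client signing' value. Only [global] counts: Samba logs
    'Global parameter ... found in service section!' and ignores it there."""
    return parse_smb_conf(text).get("global", {}).get("clientsigning", _DEFAULT)

def client_signing_required(text):
    """True when smb.conf carries the CVE-2016-2115 mitigation."""
    return client_signing_effective(text) in _ENFORCING

UNMITIGATED_CONF = """[global]
   workgroup = EXAMPLE
[homes]
   ; ignored by Samba: global parameter in a share section
   client signing = required
"""  # constructed sample, not from the advisory
MITIGATED_CONF = """[global]
   Client Signing = Required
"""  # constructed sample, not from the advisory
```

Run it against the real file with `client_signing_required(open("/etc/samba/smb.conf").read())`; a False result means the host still relies on the auto-negotiated default.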

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A protocol flaw, publicly referred to as Badlock, was found in the Security
Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority
(Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection
that a client initiates against a server could be used by a man-in-the-middle
attacker to impersonate the authenticated user against the SAMR or LSA service
on the server. As a result, the attacker would be able to get read/write access
to the Security Account Manager database, and use this to reveal all passwords
or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication.
An unauthenticated, man-in-the-middle attacker could use these flaws to clear the
encryption and integrity flags of a connection, causing data to be transmitted
in plain text. The attacker could also force the client or server into sending
data in plain text even if encryption was explicitly requested for that
connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish
a secure communication channel with a machine using a spoofed computer name. A
remote attacker able to observe network traffic could use this flaw to obtain
session-related information about the spoofed machine. (CVE-2016-2111)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of
CVE-2016-2118 and CVE-2016-2110.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted automatically.

Updated packages


Bugs fixed (see bugzilla for more information)

1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication
1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured
1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks

References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/