Bugzilla – Bug 958584
VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb encryption on the client side
Last modified: 2016-04-20 10:12:34 UTC
no samba 3 patches were attached
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 17, 2015". When done, reassign the bug to "security-team@suse.de". /update/121110/.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-24. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62372
An update workflow for this issue was started. This issue was rated as "moderate". Please submit fixed packages until "Dec. 17, 2015". When done, reassign the bug to "security-team@suse.de". /update/62372/.
bugbot adjusting priority
is public https://www.samba.org/samba/security/CVE-2015-5296.html =========================================================== == Subject: Samba client requesting encryption vulnerable == to downgrade attack. == == CVE ID#: CVE-2015-5296 == == Versions: Samba versions 3.2.0 to 4.3.2 == == Summary: Requesting encryption should also request == signing when setting up the connection to == protect against man-in-the-middle attacks. == =========================================================== =========== Description =========== Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that signing is negotiated when creating an encrypted client connection to a server. Without this a man-in-the-middle attack could downgrade the connection and connect using the supplied credentials as an unsigned, unencrypted connection. ================== Patch Availability ================== Patches addressing this defect have been posted to https://www.samba.org/samba/history/security.html Additionally, Samba 4.3.3, 4.2.7 and 4.1.22 have been issued as security releases to correct the defect. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible. =========== Workarounds =========== When using the smbclient command, always add the argument "--signing=required" when using the "-e" or "--encrypt" argument. Alternatively, set the variable "client signing = mandatory" in the [global] section of the smb.conf file on any client using encrypted connections. To protect a Samba server exporting encrypted shares against a downgrade attack set the variable "smb encrypt = mandatory" in the smb.conf definition of the encrypted shares. ======= Credits ======= This problem was found by Stefan Metzmacher of SerNet (www.sernet.com) and the Samba Team, who also provided the fix.
This is an autogenerated message for OBS integration: This bug (958584) was mentioned in https://build.opensuse.org/request/show/349211 Factory / samba
SUSE-SU-2015:2304-1: An update that solves 6 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 295284,773464,872912,901813,902421,910378,912457,913304,923374,931854,936909,939051,947552,949022,951660,953382,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1 SUSE Linux Enterprise Server 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1 SUSE Linux Enterprise Desktop 12 (src): ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1
SUSE-SU-2015:2305-1: An update that solves 6 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1 SUSE Linux Enterprise Server 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1 SUSE Linux Enterprise Desktop 12-SP1 (src): ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1
Submitted for gplv3 repo in SLE10-SP3. SLE11-SP1 also submitted but it complained. If needed, the SLE11-SP1 package is in: home:lmuelle:branches:OBS_Maintained:samba
openSUSE-SU-2015:2354-1: An update that solves 6 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467 Sources used: openSUSE Leap 42.1 (src): ldb-1.1.24-7.1, samba-4.2.4-9.2, talloc-2.1.5-7.1, tdb-1.3.8-7.1, tevent-0.9.26-7.1
openSUSE-SU-2015:2356-1: An update that solves 7 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 939050,939051,949022,951660,953382,954658,958580,958581,958582,958583,958584,958585,958586 CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-7540,CVE-2015-8467 Sources used: openSUSE 13.2 (src): ldb-1.1.24-3.4.1, samba-4.1.22-21.1, talloc-2.1.5-2.6.1, tdb-1.3.8-3.1, tevent-0.9.26-3.1 openSUSE 13.1 (src): ldb-1.1.24-3.7.1, samba-4.1.22-3.46.1, talloc-2.1.5-7.10.1, tdb-1.3.8-4.7.1, tevent-0.9.26-4.7.1
SUSE-SU-2016:0032-1: An update that solves four vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 295284,773464,901813,912457,913304,934299,948244,949022,958582,958583,958584,958586 CVE References: CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): samba-3.6.3-45.2, samba-doc-3.6.3-45.2 SUSE Linux Enterprise Debuginfo 11-SP2 (src): samba-3.6.3-45.2
done
SUSE-SU-2016:0164-1: An update that solves four vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 295284,912457,934299,936909,948244,949022,953382,958582,958583,958584,958586 CVE References: CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): samba-3.6.3-64.1 SUSE Linux Enterprise Software Development Kit 11-SP3 (src): samba-3.6.3-64.1 SUSE Linux Enterprise Server for VMWare 11-SP3 (src): samba-3.6.3-64.1, samba-doc-3.6.3-64.1 SUSE Linux Enterprise Server 11-SP4 (src): samba-3.6.3-64.1, samba-doc-3.6.3-64.1 SUSE Linux Enterprise Server 11-SP3 (src): samba-3.6.3-64.1, samba-doc-3.6.3-64.1 SUSE Linux Enterprise Desktop 11-SP4 (src): samba-3.6.3-64.1, samba-doc-3.6.3-64.1 SUSE Linux Enterprise Desktop 11-SP3 (src): samba-3.6.3-64.1, samba-doc-3.6.3-64.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): samba-3.6.3-64.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): samba-3.6.3-64.1
openSUSE-SU-2016:1064-1: An update that solves 16 vulnerabilities and has 17 fixes is now available. Category: security (important) Bug References: 898031,901813,912457,913238,913547,914279,917376,919309,924519,936862,942716,946051,947552,949022,958581,958582,958583,958584,958585,958586,964023,966271,968222,968973,971965,972197,973031,973032,973033,973034,973036,973832,974629 CVE References: CVE-2014-8143,CVE-2015-0240,CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2015-8467,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2115,CVE-2016-2118 Sources used: openSUSE 13.2 (src): samba-4.2.4-34.1
openSUSE-SU-2016:1106-1: An update that fixes 17 vulnerabilities is now available. Category: security (important) Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036 CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118 Sources used: openSUSE 13.1 (src): samba-4.2.4-3.54.2
openSUSE-SU-2016:1107-1: An update that fixes 17 vulnerabilities is now available. Category: security (important) Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036 CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118 Sources used: openSUSE Evergreen 11.4 (src): samba-3.6.3-141.1, samba-doc-3.6.3-141.1