Bug 958584 - (CVE-2015-5296) VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb encryption on the client side
(CVE-2015-5296)
VUL-0: CVE-2015-5296: samba: No man in the middle protection when forcing smb...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:62372:moderate CVSSv2:S...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-10 06:37 UTC by Marcus Meissner
Modified: 2016-04-20 10:12 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 6 Marcus Meissner 2015-12-10 07:16:28 UTC
no samba 3 patches were attached
Comment 8 SMASH SMASH 2015-12-10 10:20:49 UTC
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Dec. 17, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/121110/.
Comment 9 Swamp Workflow Management 2015-12-10 11:09:44 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-12-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62372
Comment 10 SMASH SMASH 2015-12-10 11:10:17 UTC
An update workflow for this issue was started.

This issue was rated as "moderate".
Please submit fixed packages until "Dec. 17, 2015".

When done, reassign the bug to "security-team@suse.de".
/update/62372/.
Comment 11 Swamp Workflow Management 2015-12-10 23:00:51 UTC
bugbot adjusting priority
Comment 14 Marcus Meissner 2015-12-16 11:53:11 UTC
is public

https://www.samba.org/samba/security/CVE-2015-5296.html

===========================================================
== Subject:     Samba client requesting encryption vulnerable
==		to downgrade attack.
==
== CVE ID#:     CVE-2015-5296
==
== Versions:    Samba versions 3.2.0 to 4.3.2
==
== Summary:     Requesting encryption should also request
==		signing when setting up the connection to
==		protect against man-in-the-middle attacks.
==
===========================================================

===========
Description
===========

Versions of Samba from 3.2.0 to 4.3.2 inclusive do not ensure that
signing is negotiated when creating an encrypted client connection to
a server.

Without this a man-in-the-middle attack could downgrade the connection
and connect using the supplied credentials as an unsigned, unencrypted
connection.

==================
Patch Availability
==================

Patches addressing this defect have been posted to

 https://www.samba.org/samba/history/security.html

Additionally, Samba 4.3.3, 4.2.7 and 4.1.22 have been issued as
security releases to correct the defect.
Samba vendors and administrators running affected versions are
advised to upgrade or apply the patch as soon as possible.

===========
Workarounds
===========

When using the smbclient command, always add the argument
"--signing=required" when using the "-e" or "--encrypt" argument.

Alternatively, set the variable "client signing = mandatory" in the
[global] section of the smb.conf file on any client using encrypted
connections.

To protect a Samba server exporting encrypted shares against a
downgrade attack set the variable "smb encrypt = mandatory" in the
smb.conf definition of the encrypted shares.

=======
Credits
=======

This problem was found by Stefan Metzmacher  of
SerNet (www.sernet.com) and the Samba Team, who also provided the
fix.
Comment 15 Bernhard Wiedemann 2015-12-16 17:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (958584) was mentioned in
https://build.opensuse.org/request/show/349211 Factory / samba
Comment 16 Swamp Workflow Management 2015-12-18 20:14:49 UTC
SUSE-SU-2015:2304-1: An update that solves 6 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 295284,773464,872912,901813,902421,910378,912457,913304,923374,931854,936909,939051,947552,949022,951660,953382,954658,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1
SUSE Linux Enterprise Server 12 (src):    ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1
SUSE Linux Enterprise Desktop 12 (src):    ldb-1.1.24-4.3.1, samba-4.1.12-18.3.1, talloc-2.1.5-3.4.1, tdb-1.3.8-2.3.1, tevent-0.9.26-3.3.1
Comment 17 Swamp Workflow Management 2015-12-18 21:12:23 UTC
SUSE-SU-2015:2305-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1
SUSE Linux Enterprise Server 12-SP1 (src):    ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ldb-1.1.24-4.1, samba-4.2.4-6.1, talloc-2.1.5-4.1, tdb-1.3.8-4.1, tevent-0.9.26-4.1
Comment 18 James McDonough 2015-12-23 22:19:13 UTC
Submitted for gplv3 repo in SLE10-SP3.  SLE11-SP1 also submitted but it complained.

If needed, the SLE11-SP1 package is in:
home:lmuelle:branches:OBS_Maintained:samba
Comment 19 Swamp Workflow Management 2015-12-24 02:12:08 UTC
openSUSE-SU-2015:2354-1: An update that solves 6 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 949022,951660,954658,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-8467
Sources used:
openSUSE Leap 42.1 (src):    ldb-1.1.24-7.1, samba-4.2.4-9.2, talloc-2.1.5-7.1, tdb-1.3.8-7.1, tevent-0.9.26-7.1
Comment 20 Swamp Workflow Management 2015-12-24 15:12:36 UTC
openSUSE-SU-2015:2356-1: An update that solves 7 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 939050,939051,949022,951660,953382,954658,958580,958581,958582,958583,958584,958585,958586
CVE References: CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-7540,CVE-2015-8467
Sources used:
openSUSE 13.2 (src):    ldb-1.1.24-3.4.1, samba-4.1.22-21.1, talloc-2.1.5-2.6.1, tdb-1.3.8-3.1, tevent-0.9.26-3.1
openSUSE 13.1 (src):    ldb-1.1.24-3.7.1, samba-4.1.22-3.46.1, talloc-2.1.5-7.10.1, tdb-1.3.8-4.7.1, tevent-0.9.26-4.7.1
Comment 21 Swamp Workflow Management 2016-01-05 19:17:08 UTC
SUSE-SU-2016:0032-1: An update that solves four vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 295284,773464,901813,912457,913304,934299,948244,949022,958582,958583,958584,958586
CVE References: CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    samba-3.6.3-45.2, samba-doc-3.6.3-45.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    samba-3.6.3-45.2
Comment 22 Marcus Meissner 2016-01-11 13:04:50 UTC
done
Comment 25 Swamp Workflow Management 2016-01-19 12:14:39 UTC
SUSE-SU-2016:0164-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 295284,912457,934299,936909,948244,949022,953382,958582,958583,958584,958586
CVE References: CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    samba-3.6.3-64.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    samba-3.6.3-64.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    samba-3.6.3-64.1, samba-doc-3.6.3-64.1
SUSE Linux Enterprise Server 11-SP4 (src):    samba-3.6.3-64.1, samba-doc-3.6.3-64.1
SUSE Linux Enterprise Server 11-SP3 (src):    samba-3.6.3-64.1, samba-doc-3.6.3-64.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    samba-3.6.3-64.1, samba-doc-3.6.3-64.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    samba-3.6.3-64.1, samba-doc-3.6.3-64.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    samba-3.6.3-64.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    samba-3.6.3-64.1
Comment 26 Swamp Workflow Management 2016-04-17 13:15:06 UTC
openSUSE-SU-2016:1064-1: An update that solves 16 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 898031,901813,912457,913238,913547,914279,917376,919309,924519,936862,942716,946051,947552,949022,958581,958582,958583,958584,958585,958586,964023,966271,968222,968973,971965,972197,973031,973032,973033,973034,973036,973832,974629
CVE References: CVE-2014-8143,CVE-2015-0240,CVE-2015-3223,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2015-8467,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.2 (src):    samba-4.2.4-34.1
Comment 27 Swamp Workflow Management 2016-04-20 10:09:27 UTC
openSUSE-SU-2016:1106-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.1 (src):    samba-4.2.4-3.54.2
Comment 28 Swamp Workflow Management 2016-04-20 10:12:34 UTC
openSUSE-SU-2016:1107-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE Evergreen 11.4 (src):    samba-3.6.3-141.1, samba-doc-3.6.3-141.1