RHSA-2016:0011: samba security update
|5||(AV:N/AC:L/Au:N/C:P/I:N/A:N)||December 29, 2015||January 18, 2016||March 21, 2018|
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plaintext. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as the original reporters of CVE-2015-5296, firstname.lastname@example.org as the original reporter of CVE-2015-5299, Jan "Yenya" Kasprzak and the Computer Systems Unit team at Faculty of Informatics, Masaryk University as the original reporters of CVE-2015-5252.

All samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
- Alpine Linux: CVE-2015-5296: samba Several vulnerabilities
- Alpine Linux: CVE-2015-5252: samba Several vulnerabilities
- Oracle Solaris 11: CVE-2015-5299: Vulnerability in Samba
- RHSA-2016:0006: samba security update
- Samba CVE-2015-5252: Numerous CVEs. Please see the announcements for details.
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Oracle Solaris 11: CVE-2015-5296: Vulnerability in Samba
- FreeBSD: samba -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2015-5299: Samba: Multiple vulnerabilities
- Gentoo Linux: CVE-2015-5252: Samba: Multiple vulnerabilities
- Samba CVE-2015-5296: Numerous CVEs. Please see the announcements for details.
- Gentoo Linux: CVE-2015-5296: Samba: Multiple vulnerabilities
- ELSA-2016-0011 Moderate: Oracle Linux samba security update
- Alpine Linux: CVE-2015-5299: samba Several vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- Amazon Linux AMI: Security patch for samba (ALAS-2016-634) (multiple CVEs)
- ELSA-2016-0006 Moderate: Oracle Linux samba security update
- RHSA-2016:0010: samba4 security update
- Samba CVE-2015-5299: Numerous CVEs. Please see the announcements for details.
- Oracle Solaris 11: CVE-2015-5252: Vulnerability in Samba
- ELSA-2016-0010 Moderate: Oracle Linux samba4 security update