samba3x 的更新现在可用于 Red Hat Enterprise Linux 5。

Red Hat 产品安全团队已将此更新评级为具有重要安全影响。可从“参考”部分中的 CVE 链接获取通用漏洞评分系统 (CVSS) 基本分数，其针对每个漏洞给出了详细的严重性等级。

Samba 是服务器消息块 (SMB) 或通用 Internet 文件系统 (CIFS) 协议的开源实现，允许兼容 PC 的计算机共享文件、打印机和其他信息。

安全补丁：

* 在 Samba 的 DCE/RPC 协议实现中发现多种缺陷。经认证的远程攻击者可利用这些缺陷，对 Samba 服务器造成拒绝服务 (高 CPU 负载或崩溃)，或可能以运行 Samba 的用户的权限（根权限）执行任意代码。中间人攻击者也可利用此缺陷，通过控制 Active Directory (AD) 对象并危及 Samba Active Directory 域控制器 (DC) 的安全，将安全 DCE/RPC 连接降级。
(CVE-2015-5370)

注意：虽然 Red Hat Enterprise Linux 随附的 Samba 程序包不支持以 AD DC 运行 Samba，但此缺陷仍影响所有角色 Samba 实现。

* 在 Security Account Manager Remote 协议 (MS-SAMR) 和本地安全机构（域策略）远程协议 (MS-LSAD) 中发现一个协议缺陷，公开称为 Badlock。中间人攻击者可利用客户端针对服务器初始化的任何经认证的 DCE/RPC 连接，针对服务器上的 SAMR 或 LSA 服务冒充经认证的用户。
因此，攻击者能够获得 Security Account Manager 数据库的读/写权限，并利用此问题泄露该数据库中的所有密码或其他任何潜在的敏感信息。(CVE-2016-2118)

* 在 Samba 的 NTLMSSP 认证实现中发现多个缺陷。未经认证的中间人攻击者可利用此缺陷，清除连接的加密和完整性标记，进而造成以纯文本传输数据。即使针对该连接明确要求加密，攻击者也可强制客户端或服务器以纯文本发送数据。
(CVE-2016-2110)

* 发现配置为域控制器的 Samba 会使用伪造的计算机名称，建立与机器的安全通信通道。能够观察网络流量的远程攻击者可利用此缺陷，取得关于伪造机器的会话相关信息。(CVE-2016-2111)

* 发现 Samba 的 LDAP 实现未针对 LDAP 连接强制执行完整性保护。中间人攻击者可利用此缺陷，将 LDAP 连接降级为不使用完整性保护，进而允许其劫持此类连接。
(CVE-2016-2112)

* 发现 Samba 默认未针对 IPC 流量启用完整性保护。中间人攻击者可利用此缺陷，查看并修改在 Samba 服务器和客户端之间发送的数据。
(CVE-2016-2115)

Red Hat 在此感谢 Samba 项目报告这些问题。上游感谢 CVE-2015-5370 的原始报告者 Jouni Knuutinen (Synopsis)，以及 CVE-2016-2118、CVE-2016-2110、CVE-2016-2112 和 CVE-2016-2115 的原始报告者 Stefan Metzmacher (SerNet)。

来自 Red Hat 安全公告 2016:0621：

samba 更新现可用于 Red Hat Enterprise Linux 5。

Red Hat 产品安全团队将此更新评级为具有重要安全影响。可从“参考”部分中的 CVE 链接获取通用漏洞评分系统 (CVSS) 基本分数，其针对每个漏洞给出了详细的严重性等级。

[更新于 2016 年 4 月 14 日] 此公告之前未正确列出 CVE-2016-2112 问题（该问题已由此更新解决）。不过，此问题不会影响 Red Hat Enterprise Linux 5 中的 samba程序包。
CVE-2016-2115 也未正确列出（该问题已由此更新解决）。此问题不会影响 Red Hat Enterprise Linux 5 中的 samba 程序包。建议客户使用 smb.conf 文件中的“client signing = required”配置选项来缓解 CVE-2016-2115 的影响。未对程序包进行更改。

Samba 是服务器消息块 (SMB) 协议与相关通用 Internet 文件系统 (CIFS) 协议的开源实现，允许兼容 PC 的计算机共享文件、打印机和多种信息。

安全补丁：

* 在 Security Account Manager Remote 协议 (MS-SAMR) 和本地安全机构（域策略）远程协议 (MS-LSAD) 中发现一个协议缺陷，公开称为 Badlock。中间人攻击者可利用客户端针对服务器初始化的任何经认证的 DCE/RPC 连接，针对服务器上的 SAMR 或 LSA 服务冒充经认证的用户。
因此，攻击者能够获得 Security Account Manager 数据库的读/写权限，并利用此问题泄露该数据库中的所有密码或其他任何潜在的敏感信息。(CVE-2016-2118)

* 在 Samba 的 NTLMSSP 认证实现中发现多个缺陷。未经认证的中间人攻击者可利用此缺陷，清除连接的加密和完整性标记，进而造成以纯文本传输数据。即使针对该连接明确要求加密，攻击者也可强制客户端或服务器以纯文本发送数据。
(CVE-2016-2110)

* 发现配置为域控制器的 Samba 会使用伪造的计算机名称，建立与机器的安全通信通道。能够观察网络流量的远程攻击者可利用此缺陷，取得关于伪造机器的会话相关信息。(CVE-2016-2111)

Red Hat 在此感谢 Samba 项目报告这些问题。上游感谢 CVE-2016-2118 和 CVE-2016-2110 的原始报告者 Stefan Metzmacher (SerNet)。

远程 Redhat Enterprise Linux 5 主机上安装的程序包受到 RHSA-2016:0613 公告中提及的多个漏洞影响。

  - samba：由于缺少错误检查，dcesrv_auth_bind_ack 中发生崩溃 (CVE-2015-5370)

  - samba：可能通过 NTLMSSP 认证进行的中间人攻击 (CVE-2016-2110)

  - samba：配置域控制器时的欺骗漏洞 (CVE-2016-2111)

  - samba：缺少降级检测 (CVE-2016-2112)

  - samba：当 smb 客户端连接用于 ipc 使用时，默认不需要 Smb 签名 (CVE-2016-2115)

  - samba：SAMR 和 LSA 中间人攻击 (CVE-2016-2118)

请注意，Nessus 尚未测试这些问题，而是只依据应用程序自我报告的版本号进行判断。

现已提供适用于 Red Hat Enterprise Linux 5.6 Long Life 和 Red Hat Enterprise Linux 5.9 Long Life 的 samba3x 更新。

Red Hat 产品安全团队已将此更新评级为具有重要安全影响。可从“参考”部分中的 CVE 链接获取通用漏洞评分系统 (CVSS) 基本分数，其针对每个漏洞给出了详细的严重性等级。

Samba 是服务器消息块 (SMB) 或通用 Internet 文件系统 (CIFS) 协议的开源实现，允许兼容 PC 的计算机共享文件、打印机和其他信息。

安全补丁：

* 在 Samba 的 DCE/RPC 协议实现中发现多种缺陷。经认证的远程攻击者可利用这些缺陷，对 Samba 服务器造成拒绝服务 (高 CPU 负载或崩溃)，或可能以运行 Samba 的用户的权限（根权限）执行任意代码。中间人攻击者也可利用此缺陷，通过控制 Active Directory (AD) 对象并危及 Samba Active Directory 域控制器 (DC) 的安全，将安全 DCE/RPC 连接降级。
(CVE-2015-5370)

注意：虽然 Red Hat Enterprise Linux 随附的 Samba 程序包不支持以 AD DC 运行 Samba，但此缺陷仍影响所有角色 Samba 实现。

* 在 Security Account Manager Remote 协议 (MS-SAMR) 和本地安全机构（域策略）远程协议 (MS-LSAD) 中发现一个协议缺陷，公开称为 Badlock。中间人攻击者可利用客户端针对服务器初始化的任何经认证的 DCE/RPC 连接，针对服务器上的 SAMR 或 LSA 服务冒充经认证的用户。
因此，攻击者能够获得 Security Account Manager 数据库的读/写权限，并利用此问题泄露该数据库中的所有密码或其他任何潜在的敏感信息。(CVE-2016-2118)

* 在 Samba 的 NTLMSSP 认证实现中发现多个缺陷。未经认证的中间人攻击者可利用此缺陷，清除连接的加密和完整性标记，进而造成以纯文本传输数据。即使针对该连接明确要求加密，攻击者也可强制客户端或服务器以纯文本发送数据。
(CVE-2016-2110)

* 发现配置为域控制器的 Samba 会使用伪造的计算机名称，建立与机器的安全通信通道。能够观察网络流量的远程攻击者可利用此缺陷，取得关于伪造机器的会话相关信息。(CVE-2016-2111)

* 发现 Samba 的 LDAP 实现未针对 LDAP 连接强制执行完整性保护。中间人攻击者可利用此缺陷，将 LDAP 连接降级为不使用完整性保护，进而允许其劫持此类连接。
(CVE-2016-2112)

* 发现 Samba 默认未针对 IPC 流量启用完整性保护。中间人攻击者可利用此缺陷，查看并修改在 Samba 服务器和客户端之间发送的数据。
(CVE-2016-2115)

Red Hat 在此感谢 Samba 项目报告这些问题。上游感谢 CVE-2015-5370 的原始报告者 Jouni Knuutinen (Synopsis)，以及 CVE-2016-2118、CVE-2016-2110、CVE-2016-2112 和 CVE-2016-2115 的原始报告者 Stefan Metzmacher (SerNet)。

安全补丁：

- 在 Samba 的 DCE/RPC 协议实现中发现多种缺陷。经认证的远程攻击者可利用这些缺陷，对 Samba 服务器造成拒绝服务 (高 CPU 负载或崩溃)，或可能以运行 Samba 的用户的权限（根权限）执行任意代码。中间人攻击者也可利用此缺陷，通过控制 Active Directory (AD) 对象并危及 Samba Active Directory 域控制器 (DC) 的安全，将安全 DCE/RPC 连接降级。
 (CVE-2015-5370)

注意：虽然 Scientific Linux 随附的 Samba 程序包不支持以 AD DC 运行 Samba，但此缺陷仍影响所有角色 Samba 实现。

- 在 Security Account Manager Remote 协议 (MS-SAMR) 和本地安全机构（域策略）远程协议 (MS-LSAD) 中发现一个协议缺陷，公开称为 Badlock。中间人攻击者可利用客户端针对服务器初始化的任何经认证的 DCE/RPC 连接，针对服务器上的 SAMR 或 LSA 服务冒充经认证的用户。因此，攻击者能够获得 Security Account Manager 数据库的读/写权限，并利用此问题泄露该数据库中的所有密码或其他任何潜在的敏感信息。(CVE-2016-2118)

- 在 Samba 的 NTLMSSP 认证实现中发现多个缺陷。未经认证的中间人攻击者可利用此缺陷，清除连接的加密和完整性标记，进而造成以纯文本传输数据。即使针对该连接明确要求加密，攻击者也可强制客户端或服务器以纯文本发送数据。
 (CVE-2016-2110)

- 发现配置为域控制器的 Samba 会使用伪造的计算机名称，建立与机器的安全通信通道。能够观察网络流量的远程攻击者可利用此缺陷，取得关于伪造机器的会话相关信息。(CVE-2016-2111)

- 发现 Samba 的 LDAP 实现未针对 LDAP 连接强制执行完整性保护。中间人攻击者可利用此缺陷，将 LDAP 连接降级为不使用完整性保护，进而允许其劫持此类连接。
 (CVE-2016-2112)

- 发现 Samba 默认未针对 IPC 流量启用完整性保护。中间人攻击者可利用此缺陷，查看并修改在 Samba 服务器和客户端之间发送的数据。(CVE-2016-2115)

samba 已更新，修复了七个安全问题。

修复了这些安全问题：

- CVE-2015-5370：DCERPC 服务器和客户端容易遭受 DOS 和 MITM 攻击 (bsc#936862)。

- CVE-2016-2110：中间人可将 NTLMSSP 认证降级 (bsc#973031)。

- CVE-2016-2111：域控制器 netlogon 成员计算机可能遭到欺骗 (bsc#973032)。

- CVE-2016-2112：LDAP 连接容易遭受降级和 MITM 攻击 (bsc#973033)。

- CVE-2016-2113：TLS 证书验证缺失 (bsc#973034)。

- CVE-2016-2115：命名管道 IPC 容易遭受 MITM 攻击 (bsc#973036)。

- CVE-2016-2118：可能会发生经认证帐户的“Badlock”DCERPC 假冒 (bsc#971965)。

已修复下列非安全性问题：

- bsc#967017：修复 cli_set_mntpoint 函数中 libsmbclient 的内存泄漏

- 取得并设置符号链接的 Windows ACL，可更改链接的权限

请注意，Tenable Network Security 已直接从 SUSE 安全公告中提取上述描述块。Tenable 已尝试在不引入其他问题的情况下尽可能进行了自动整理和排版。

Samba 团队报告：

[CVE-2015-5370] Samba DCE-RPC 代码中的错误可导致拒绝服务（崩溃与高 CPU 消耗）和中间人攻击。

[CVE-2016-2110] NTLMSSP 的功能协商并未获得降级保护。中间人甚至可清除必要标记，尤其是 NTLMSSP_NEGOTIATE_SIGN 和 NTLMSSP_NEGOTIATE_SEAL。

[CVE-2016-2111] 当 Samba 配置为域控制器时，会允许远程攻击者通过运行构建的应用程序及利用嗅探网络流量的能力，伪造安全信道端点的计算机名称，并获取敏感信息。

[CVE-2016-2112] 中间人能够将 LDAP 连接降级为不使用完整性保护。

[CVE-2016-2113] 可能针对客户端触发的 LDAP 连接（使用 ldaps://）和 ncacn_http 连接（使用 https://），发动中间人攻击。

[CVE-2016-2114] 因为一个缺陷，Samba 并未强制所需的 smb 签署，即使已明确配置也一样。

[CVE-2016-2115] 对通过 ncacn_np 的 DCERPC 通信的保护（这对大多数与文件服务器相关的协议而言为默认设置）继承自底层 SMB 连接。

[CVE-2016-2118] 亦称 BADLOCK。中间人可以拦截客户端和服务器之间的任何 DCERPC 流量，以冒充客户端并获取与经认证的用户帐户相同的权限。这对于 Active Directory 域控制器是最大的问题。

为 Slackware 14.0、14.1 以及当前版本提供了用于修复安全问题的新 samba 程序包。

The version of Samba on the remote host is 4.3.x prior to 4.3.7 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

According to its banner, the version of Samba running on the remote host is 4.2.x prior to 4.2.11, 4.3.x prior to 4.3.8, or 4.4.x prior to 4.4.2. Therefore, it is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client that is triggered during the handling of specially crafted DCE-RPC packets. This may allow a remote attacker to conduct a MitM attack, downgrade a secure connection to an insecure one, cause a consumption of CPU resources, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication that may allow a MitM attacker to conduct multiple attacks. This may allow the attacker to clear 'NTLMSSP_NEGOTIATE_SIGN' and 'NTLMSSP_NEGOTIATE_SEAL', take over connections, cause traffic to be sent without encryption, or potentially have other impacts. (CVE-2016-2110)
 - A flaw exists in NETLOGON that is due to the program failing to properly establish a secure channel connection. This may allow a remote MitM attacker to spoof a secure channel's endpoints' computer name and potentially obtain session information. (CVE-2016-2111)
 - A flaw exists that is due to a lack of integrity protection mechanisms. This may allow a remote MitM attacker to downgrade a secure LDAP connection to an insecure version of the connection. (CVE-2016-2112)
 - A flaw exists as TLS certificates are not properly validated for the LDAP and HTTP protocols. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2016-2113)
 - A flaw exists that is due to the program failing to enforce the 'server signing = mandatory' option in 'smb.conf' for clients using the SMB1 protocol. This may result in SMB signing not being properly required, potentially allowing a MitM attacker to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists that is due to the program failing to perform integrity checks for SMB client connections. As the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection, this may allow a MitM attacker to conduct spoofing attacks. (CVE-2016-2115)

The version of Samba on the remote host is 4.2.x prior to 4.2.10 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

The version of Samba on the remote host is 4.4.x prior to 4.4.1 and is affected by the following vulnerabilities :

 - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)
 - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)
 - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)
 - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)
 - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)
 - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)
 - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)
  - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. (CVE-2016-2118)

The specific version of Samba that the system is running is reportedly affected by the following vulnerabilities:

- Samba contains a flaw in the DCE-RPC client that is triggered during the handling of specially crafted DCE-RPC packets. This may allow a remote attacker to conduct a man-in-the-middle attack, downgrade a secure connection to an insecure one, cause a consumption of CPU resources, or potentially execute arbitrary code. (CVE-2015-5370)

- Samba contains a flaw in its implementation of NTLMSSP authentication that may allow a man-in-the-middle attacker to conduct multiple attacks. This may allow the attacker to  clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL, take over connections, cause traffic to be sent without encryption, or potentially have other impacts. (CVE-2016-2110)

- Samba contains a flaw in NETLOGON that is due to the program failing to properly establish a secure channel connection. This may allow a remote man-in-the-middle attacker to spoof a secure channel's endpoints' computer name and potentially obtain session information. (CVE-2016-2111)

- Samba contains a flaw that is due to a lack of integrity protection mechanisms. This may allow a remote man-in-the-middle attacker to downgrade a secure LDAP connection to an insecure version of the connection. (CVE-2016-2112)

- Samba contains a flaw as TLS certificates are not properly validated for the LDAP and HTTP protocols. By spoofing the server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2016-2113)

- Samba contains a flaw that is due to the program failing to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. This may result in SMB signing not being properly required, potentially allowing a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2114)

- Samba contains a flaw that is due to the program failing to perform integrity checks for SMB client connections. As the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection, this may allow a man-in-the-middle attacker to conduct spoofing attacks. (CVE-2016-2115)

Versions of Samba prior to 4.2.10 / 4.2.11, 4.3.7 / 4.3.8 and 4.4.1 / 4.4.2 are unpatched for the badlock vulnerability.

ID	名稱	產品	系列	已發布	已更新	嚴重性
90451	CentOS 5：samba3x (CESA-2016:0613) (Badlock)	Nessus	CentOS Local Security Checks	2016/4/13	2021/1/4	high
90489	Oracle Linux 5：samba (ELSA-2016-0621) (Badlock)	Nessus	Oracle Linux Local Security Checks	2016/4/13	2024/10/22	high
90493	RHEL 5：samba3x (RHSA-2016:0613)	Nessus	Red Hat Local Security Checks	2016/4/13	2024/4/24	high
90500	RHEL 5：samba3x (RHSA-2016:0624) (Badlock)	Nessus	Red Hat Local Security Checks	2016/4/13	2019/10/24	high
90501	Scientific Linux 安全更新：SL5.x i386/x86_64 上的 samba3x (Badlock)	Nessus	Scientific Linux Local Security Checks	2016/4/13	2021/1/14	high
90533	SUSE SLES11 安全更新：samba (SUSE-SU-2016:1023-1) (Badlock)	Nessus	SuSE Local Security Checks	2016/4/15	2021/1/19	high
90474	FreeBSD：samba -- 多个漏洞 (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)	Nessus	FreeBSD Local Security Checks	2016/4/13	2021/1/4	high
90548	Slackware 14.0 / 14.1 / 当前版本：samba (SSA:2016-106-02) (Badlock)	Nessus	Slackware Local Security Checks	2016/4/18	2021/1/14	high
9232	Samba 4.3.x < 4.3.7 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
9822	Samba 4.2.x < 4.2.11 / 4.3.x < 4.3.8 / 4.4.x < 4.4.2 Multiple MitM	Nessus Network Monitor	Samba	2016/12/9	2019/3/6	medium
9231	Samba 4.2.x < 4.2.10 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
9233	Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)	Nessus Network Monitor	Samba	2016/4/12	2019/3/6	high
802024	Samba < 4.4.2, 4.3.8, 4.2.11, 3.6.26 Multiple Vulnerabilities	Log Correlation Engine	Samba	2016/9/8		critical
801967	Samba < 4.2.10/11, < 4.3.7/8, < 4.4.1/2 badlock Vulnerability	Log Correlation Engine	Samba	2016/2/12		high

偵測

搜尋 Plugin

high

high

high

high

high

high

high

high

high

medium

high

high

critical

high