| Description: | Summary:
Check the version of libsmbclient
Vulnerability Insight:
Samba is an open-source implementation
of the Server Message Block (SMB) or Common Internet File System (CIFS)
protocol, which allows PC-compatible machines to share files, printers, and
other information.
A man-in-the-middle vulnerability was found in the way 'connection signing'
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)
A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)
An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)
Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, partha exablox com as the original
reporter of CVE-2015-5299, Jan 'Yenya' Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252.
All samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.
Affected Software/OS:
libsmbclient on CentOS 6
Solution:
Please Install the Updated Packages.
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
