{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20161324",
      "Version": "oval:org.altlinux.errata:def:20161324",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2016-1324: package `samba-DC` update to version 4.4.2-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c9f2"
            ],
            "Products": [
              "ALT SPWorkstation",
              "ALT SPServer"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2016-1324",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2016-1324",
            "Source": "ALTPU"
          },
          {
            "RefID": "BDU:2021-01274",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01274",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01275",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01275",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01276",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01276",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01290",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01290",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01291",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01291",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01292",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01292",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01294",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01294",
            "Source": "BDU"
          },
          {
            "RefID": "BDU:2021-01316",
            "RefURL": "https://bdu.fstec.ru/vul/2021-01316",
            "Source": "BDU"
          },
          {
            "RefID": "CVE-2015-5370",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5370",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2110",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2110",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2111",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2111",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2112",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2112",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2113",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2113",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2114",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2114",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2115",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2115",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2016-2118",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2118",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades samba-DC to version 4.4.2-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01274: Vulnerability in the NETLOGON service of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to gain access to confidential data and violate its integrity\n\n * BDU:2021-01275: Vulnerability in the ncacn_np function of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to affect data integrity\n\n * BDU:2021-01276: Vulnerability in the DCE/RPC implementation of the Samba networking software suite, related to information disclosure, allowing an attacker to affect data integrity\n\n * BDU:2021-01290: Vulnerability in the Samba networking software suite, related to weaknesses in the cryptographic protection mechanism, allowing an attacker to gain access to confidential data and violate its integrity\n\n * BDU:2021-01291: Vulnerability in the LDAP library of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to affect data integrity\n\n * BDU:2021-01292: Vulnerability in the SMB1 protocol implementation of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to affect data integrity\n\n * BDU:2021-01294: Vulnerability in the NTLMSSP implementation of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to affect data integrity\n\n * BDU:2021-01316: Vulnerability in the MS-SAMR and MS-LSAD protocols of the Samba networking software suite, related to weaknesses in security features, allowing an attacker to gain access to confidential data, violate its integrity, and cause a denial of service\n\n * CVE-2015-5370: Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.\n\n * CVE-2016-2110: The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.\n\n * CVE-2016-2111: The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.\n\n * CVE-2016-2112: The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.\n\n * CVE-2016-2113: Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.\n\n * CVE-2016-2114: The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"server signing = mandatory\" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.\n\n * CVE-2016-2115: Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.\n\n * CVE-2016-2118: The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2016-04-13"
          },
          "Updated": {
            "Date": "2016-04-13"
          },
          "BDUs": [
            {
              "ID": "BDU:2021-01274",
              "CVSS": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
              "CVSS3": "AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01274",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01275",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01275",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01276",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-200",
              "Href": "https://bdu.fstec.ru/vul/2021-01276",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01290",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "CWE": "CWE-310",
              "Href": "https://bdu.fstec.ru/vul/2021-01290",
              "Impact": "High",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01291",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01291",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01292",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01292",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01294",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01294",
              "Impact": "Low",
              "Public": "20160424"
            },
            {
              "ID": "BDU:2021-01316",
              "CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
              "CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-254",
              "Href": "https://bdu.fstec.ru/vul/2021-01316",
              "Impact": "High",
              "Public": "20160412"
            }
          ],
          "CVEs": [
            {
              "ID": "CVE-2015-5370",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5370",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2110",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2110",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2111",
              "CVSS": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2111",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2112",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2112",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2113",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "CWE": "CWE-310",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2113",
              "Impact": "High",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2114",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2114",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2115",
              "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2115",
              "Impact": "Low",
              "Public": "20160425"
            },
            {
              "ID": "CVE-2016-2118",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-254",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2118",
              "Impact": "High",
              "Public": "20160412"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:8.4",
              "cpe:/o:alt:spserver:8.4"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324001",
                "Comment": "python-module-samba-DC is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324002",
                "Comment": "samba-DC is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324003",
                "Comment": "samba-DC-client is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324004",
                "Comment": "samba-DC-common is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324005",
                "Comment": "samba-DC-ctdb is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324006",
                "Comment": "samba-DC-ctdb-tests is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324007",
                "Comment": "samba-DC-devel is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324008",
                "Comment": "samba-DC-doc is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324009",
                "Comment": "samba-DC-libs is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324010",
                "Comment": "samba-DC-pidl is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324011",
                "Comment": "samba-DC-test is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324012",
                "Comment": "samba-DC-winbind is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324013",
                "Comment": "samba-DC-winbind-clients is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324014",
                "Comment": "samba-DC-winbind-krb5-locator is earlier than 0:4.4.2-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20161324015",
                "Comment": "task-samba-dc is earlier than 0:4.4.2-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}