Errata overview
Errata ID 142
Date 2016-04-12
Source package samba
Fixed in version 2:4.3.7-1.830.201604110947
Description
This update to Samba 4.3.7 addresses a couple of security issues identified
in the Samba implementation as well as in the Microsoft Windows MS-SAMR and
MS-LSAD protocols. The latter has been referred to publicly as BADLOCK.
The raised security requirements of Samba server components may require
config adjustments for older clients. Univention Corporate Client (UCC) 1.0
running a Linux kernel version prior to 3.8, for example, requires an adjustment
of the mount.cifs options. In that case the value for mount option "sec"
needs to be adjusted to "ntlmsspi", e.g. by setting

ucr set ucc/mount/cifshome/options="serverino,sec=ntlmsspi"

UCC 2.x clients (i.e. Linux kernel above 3.8) don't require this adjustment.
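
The adjustment above as a reusable check (an added example, not part of the original erratum or of Univention's tooling). The helper names kernel_before_3_8 and adjust_cifs_options are hypothetical, and the kernel releases and option strings are constructed samples; the comparison is numeric so that 3.10 is not mistaken for a version prior to 3.8, and any existing "sec=" value is replaced rather than duplicated.

```shell
#!/bin/sh
# Added example, not Univention code. Helper names and sample values are hypothetical.

# kernel_before_3_8 RELEASE: status 0 if older than 3.8, 1 if not, 2 if unparsable.
kernel_before_3_8() {
    rel=${1%%[!0-9.]*}                  # "3.2.0-4-amd64" -> "3.2.0"
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    # Numeric comparison: a string comparison would sort 3.10 before 3.8.
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 8 ]; }
}

# adjust_cifs_options RELEASE OPTIONS: print the mount.cifs options to use.
adjust_cifs_options() {
    if kernel_before_3_8 "$1"; then
        :
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then printf '%s\n' "$2"; return 0; fi
        echo "cannot parse kernel release: $1" >&2
        return 2
    fi
    out=
    old_ifs=$IFS
    IFS=,
    for opt in $2; do
        case $opt in
            ''|sec=*) ;;                # drop empty fields and any previous sec= value
            *) out=${out:+$out,}$opt ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "${out:+$out,}sec=ntlmsspi"
}

# Constructed samples: a kernel prior to 3.8 and a newer one.
for release in 3.2.0-4-amd64 3.10.0-1-amd64; do
    new=$(adjust_cifs_options "$release" "serverino,sec=ntlmssp")
    # Value to review before passing it to: ucr set ucc/mount/cifshome/options=...
    echo "$release -> $new"
done
```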

Details of the vulnerabilities fixed in this update:

* Errors in Samba DCE-RPC code could potentially lead to denial of service
  (crashes and high CPU consumption) and man in the middle attacks.
  It was unlikely but not impossible to trigger remote code execution,
  which could result in an impersonation on the client side.
  For details see https://www.samba.org/samba/security/CVE-2015-5370.html
* Man in the middle downgrade attacks have been possible with NTLMSSP.
  For details see https://www.samba.org/samba/security/CVE-2016-2110.html
* There has been a NETLOGON computer name spoofing vulnerability.
  For details see https://www.samba.org/samba/security/CVE-2016-2111.html
* The LDAP client and server didn't enforce integrity protection.
  For details see https://www.samba.org/samba/security/CVE-2016-2112.html
* Missing TLS certificate validation allows man in the middle attacks.
  For details see https://www.samba.org/samba/security/CVE-2016-2113.html
* The setting "server signing = mandatory" was not enforced.
  For details see https://www.samba.org/samba/security/CVE-2016-2114.html
* SMB client connections for IPC traffic have not been integrity protected.
  For details see https://www.samba.org/samba/security/CVE-2016-2115.html
* SAMR and LSA man in the middle attacks have been possible (BADLOCK).
  For details see https://www.samba.org/samba/security/CVE-2016-2118.html
* The regression patch from Samba 4.3.8 is included in this update.
Additional notes
CVE ID CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
UCS Bug number #40988