-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1038
  Security Bulletin: Multiple vulnerabilities in Samba - including Badlock -
                  Transformation Extender Hypervisor Edition
                               28 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Transformation Extender
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise                -- Existing Account
                   Access Privileged Data         -- Remote/Unauthenticated
                   Modify Arbitrary Files         -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Denial of Service              -- Existing Account
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2118 CVE-2016-2115 CVE-2016-2114 CVE-2016-2113
                   CVE-2016-2112 CVE-2016-2111 CVE-2016-2110 CVE-2015-5370
Reference:         ESB-2016.0968 ESB-2016.0960 ESB-2016.0951.2 ESB-2016.0947
                   ESB-2016.0946 ESB-2016.0940 ESB-2016.0934 ESB-2016.0933
                   ESB-2016.0932 ESB-2016.0931

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg21981057

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in Samba - including Badlock -
Transformation Extender Hypervisor Edition

Document information

More support for:    Transformation Extender Hypervisor
Software version:    8.4.0.0, 8.4.0.1, 8.4.0.2, 8.4.0.3, 8.4.0.4, 8.4.0.5,
                     8.4.1.0, 8.4.1.1, 8.4.1.2, 8.4.1.3, 8.4.1.4, 9.0.0.0
Operating system(s): Linux
Reference #:         1981057
Modified date:       2016-04-27

Summary

Samba vulnerabilities were disclosed on April 12, 2016. Samba is used by
Transformation Extender Hypervisor Edition. Transformation Extender
Hypervisor Edition has addressed the applicable CVEs, including the
vulnerability commonly referred to as Badlock.
Vulnerability Details

CVEID: CVE-2016-2118
DESCRIPTION: Samba could allow a remote attacker to gain elevated privileges
on the system, caused by the acceptance of inadequate authentication levels
by the Microsoft Security Account Manager (SAM) and Local Security Authority
(Domain Policy) (LSAD) remote protocols. An attacker positioned between a
client and the server could exploit this vulnerability using
man-in-the-middle techniques to impersonate an authenticated user against
the SAMR or LSAD service and gain access to the Security Account Manager
(SAM) database. This vulnerability is also known as the BADLOCK bug.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111935 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-5370
DESCRIPTION: Samba is vulnerable to a denial of service, caused by the
improper validation of DCE-RPC packets by the DCE-RPC client and server
implementations. An attacker could exploit this vulnerability using
man-in-the-middle techniques to downgrade a secure connection to an
insecure one and to consume an overly large amount of CPU resources.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111936 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

CVEID: CVE-2016-2110
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by the failure to protect the feature negotiation of
NTLMSSP from a downgrade. A remote attacker could exploit this vulnerability
using man-in-the-middle techniques to clear the NTLMSSP_NEGOTIATE_SIGN and
NTLMSSP_NEGOTIATE_SEAL flags and perform downgrade attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111937 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2111
DESCRIPTION: Samba could allow a remote attacker to conduct spoofing
attacks, caused by an error in the NETLOGON service when a Domain Controller
is configured. By logging into a domain-joined system and observing network
traffic, an attacker could exploit this vulnerability using a specially
crafted application to connect to another domain-joined system and access
session-related information of the spoofed computer.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111938 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2112
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by the failure to enforce integrity protection by the
LDAP client and server. A remote attacker could exploit this vulnerability
using man-in-the-middle techniques to downgrade LDAP connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111939 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2113
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by the failure to validate TLS certificates. A remote
attacker could exploit this vulnerability using man-in-the-middle techniques
to perform unauthorized actions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111940 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2114
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by the failure to enforce SMB signing even when it is
configured as required. A remote attacker could exploit this vulnerability
using man-in-the-middle techniques to perform unauthorized actions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111941 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2115
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by the failure to protect the integrity of SMB client
connections for IPC traffic. A remote attacker could exploit this
vulnerability using man-in-the-middle techniques to perform unauthorized
actions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111942 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Transformation Extender Hypervisor Edition

Affected versions:
  9.0.0.0
  8.4.1.0 - 8.4.1.4
  8.4.0.0 - 8.4.0.5

Remediation/Fixes

Transformation Extender Hypervisor Edition for AIX 9.0.0.0 users should
download and install the interim fix for APAR PI60549 from IBM Fix Central
here.

Users on prior versions of WebSphere Transformation Extender with Launcher
Hypervisor Edition for AIX should download and install the interim fix for
APAR PI60549 from IBM Fix Central here.

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.
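CVE-2016-2114 and CVE-2016-2115 above are both cases of signing that was configured but not enforced. The following is an added example, not code from the IBM bulletin or from Samba, showing what enforcement looks like at the protocol level for an SMB2 client: parse the server's NEGOTIATE response, read its SecurityMode, and refuse the connection when local policy requires signing but the server will not sign. The header and body layouts follow MS-SMB2 (sections 2.2.1.2 and 2.2.4); the three sample responses are constructed in the block and are not captures from any real server.

```python
"""SMB2 NEGOTIATE response parser plus a client-side 'signing required' policy check.

Added example (not from the bulletin or from Samba). The sample packets below
are constructed for illustration; the decision logic mirrors the MS-SMB2 client
rule: if local policy requires signing and the server does not advertise it,
the connection must be refused rather than silently continued unsigned.
"""
import struct
import uuid

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
SMB2_HEADER_LEN = 64
SMB2_NEGOTIATE_BODY_LEN = 64          # StructureSize is 65 = 64 + 1 byte of Buffer
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001

# SecurityMode bits in the NEGOTIATE response (MS-SMB2 2.2.4).
SMB2_NEGOTIATE_SIGNING_ENABLED = 0x0001
SMB2_NEGOTIATE_SIGNING_REQUIRED = 0x0002


def parse_negotiate_response(packet: bytes) -> dict:
    """Extract the fields a signing decision needs from a raw SMB2 NEGOTIATE response."""
    if len(packet) < SMB2_HEADER_LEN + SMB2_NEGOTIATE_BODY_LEN:
        raise ValueError("packet too short for an SMB2 header plus NEGOTIATE response")
    if packet[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 packet (SMB1 or garbage)")
    # Header: StructureSize, CreditCharge, Status, Command, Credits, Flags (after ProtocolId).
    struct_size, _credit_charge, status, command, _credits, flags = struct.unpack_from(
        "<HHIHHI", packet, 4)
    if struct_size != 64 or command != SMB2_NEGOTIATE:
        raise ValueError("not a NEGOTIATE message")
    if not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not a server response")
    body = packet[SMB2_HEADER_LEN:]
    # Body: StructureSize, SecurityMode, DialectRevision, NegotiateContextCount, ServerGuid...
    body_size, security_mode, dialect, _ctx_count = struct.unpack_from("<HHHH", body, 0)
    if body_size != 65:
        raise ValueError(f"unexpected NEGOTIATE response StructureSize {body_size}")
    return {
        "status": status,
        "dialect": dialect,
        "server_guid": uuid.UUID(bytes_le=body[8:24]),
        "signing_enabled": bool(security_mode & SMB2_NEGOTIATE_SIGNING_ENABLED),
        "signing_required": bool(security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED),
    }


def decide_signing(response: dict, client_requires_signing: bool) -> str:
    """Apply the client's signing policy to what the server negotiated.

    Returns "signed" or "unsigned" for a connection that may proceed; raises
    PermissionError when the policy cannot be satisfied.
    """
    if client_requires_signing and not response["signing_enabled"]:
        raise PermissionError("local policy requires signing but the server does not offer it")
    if client_requires_signing or response["signing_required"]:
        return "signed"
    return "unsigned"


def build_negotiate_response(security_mode: int, dialect: int = 0x0302) -> bytes:
    """Construct a minimal NEGOTIATE response (sample data for this example only)."""
    header = SMB2_MAGIC + struct.pack(
        "<HHIHHIIQIIQ16s",
        64, 0, 0, SMB2_NEGOTIATE, 1, SMB2_FLAGS_SERVER_TO_REDIR,
        0, 0, 0, 0, 0, b"\0" * 16)
    body = struct.pack(
        "<HHHH16sIIIIQQHHI",
        65, security_mode, dialect, 0, uuid.UUID(int=0x1234).bytes_le,
        0, 0x100000, 0x100000, 0x100000, 0, 0, 0, 0, 0)
    return header + body


# Constructed sample responses: a server that requires signing, one that merely
# offers it, and one that does not offer it at all.
SAMPLES = {
    "signing required": build_negotiate_response(
        SMB2_NEGOTIATE_SIGNING_ENABLED | SMB2_NEGOTIATE_SIGNING_REQUIRED),
    "signing enabled only": build_negotiate_response(SMB2_NEGOTIATE_SIGNING_ENABLED),
    "signing not offered": build_negotiate_response(0),
}


def assess(client_requires_signing: bool) -> dict:
    """Run every sample through the policy; map sample name -> outcome string."""
    outcome = {}
    for name, packet in SAMPLES.items():
        try:
            outcome[name] = decide_signing(parse_negotiate_response(packet),
                                           client_requires_signing)
        except PermissionError as exc:
            outcome[name] = f"refused: {exc}"
    return outcome


if __name__ == "__main__":
    for policy in (False, True):
        print(f"client requires signing = {policy}")
        for name, result in assess(policy).items():
            print(f"  {name:22s} -> {result}")
```

With `client_requires_signing=False` the "signing not offered" sample proceeds unsigned, which is the exposure described for IPC traffic in CVE-2016-2115; with the policy set to True the same response is refused, and the "signing enabled only" response is upgraded to a signed session.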
References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

26 April 2016: Original version published.

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVyGarX6ZAP0PgtI9AQI2UBAA1CrnZAhZ7ks2/6LllzPGfJX6icEhF1HB
4bK5+SoYh5B9lj5w7HCtn89plRROOjxLs9iK4bcyYme4uxrWcn68lAP+7iUzjdgm
65p7bFAnpxF/cZs4mAo4uVLasC4+ZjFe0mU4en2syAHVmvivJ1NUHdusgE3Jl4Dy
lJ9OK7YkTRJTqE/OtC8p2TTyRSv1rIa5/U8Np3A6WJ6PCx/gCpR/P9eVa4Bc/GVM
FzWpQ5g8zjBXrp6zlLAktiW9EKQ60QOeHHSir3duccpR9t/ZkZnd8CGoS2/sZGui
eLT41pL/NflG6HbrIVT+YNcpvnIeYgL7zgaRek7KQ/tc4i+5v7RVh3+vtb1iRnHS
LA+ogVz5fBE5r6vOmUPKJGfFPAxDUIfvls5au4Vd7AnOv9DfyBM56jHuOYjNZoQO
Nu8md1z8d+7TQ8G5nn3DZoCZGa9QCw4GdG++OWSCvAiDRYxr1YXFJ88bWpg8ay1l
vF9EzuqtVMjLHs0GWxOhZLtu6/14DH568wKnK0VSpx63mHZalfyyV8bSxm3+XzMG
VRagv0rZUPfdYQ/JtW7ganrcLB5MPUijygA6jp58k+AGAYxMd9E0B2yS0Xm9ES1T
CxaxVBBDQOc9uj3VqueUh7KC62mueJ+BexDwkBoi3D2QDJkPhLg2Biup1yq9Td18
b2BV3/5+7Uo=
=IAoT
-----END PGP SIGNATURE-----