May 6th, 2014 07:00
Vulnerable Samba
Our EMC devices show a vulnerable version of Samba (3.0.35) via our internal vuln scanners/nmap scan. Our storage guys opened a support ticket. EMC rep states that since we are at DDOS 5.4 we aren't vulnerable to the numerous bugs/exploits applicable to that version of Samba. Surely, someone in the community has run across this? I have a hard time thinking these aren't issues.
Is Samba "updateable/patchable" from an administrator perspective? Or is this something that would have to be in a DDOS patch? Or is it such that DDOS just "sits on top" of the underlying Linux system and the two have nothing to do with each other?
I'm thinking we don't have root access to apply the Samba update, as is the case with most appliance-based systems I have used in the past, and this is something that would have to be done in conjunction with EMC support to update the vulnerable version of Samba. Is this a correct assumption?
Here are the CVEs:
Samba Buffer Overrun Vulnerability: CVE-2010-3069
Samba memory corruption vulnerability: CVE-2010-2063
Samba smbd chain_reply function vulnerability: CVE-2010-1635
Samba smbd sesssetup.c function vulnerability: CVE-2010-1642


PatrickBetts
May 7th, 2014 06:00
NotAStorageGuy,
I have found the following information on CVE-2010-1635 and CVE-2010-1642. I am going to open a bug on CVE-2010-2063 and CVE-2010-3069 for more information:
CVE-2010-1642 & CVE-2010-1635
===================================
1. Audit ID: 18463
2. Category: CAT II
3. Reference: CVE-2010-1635,CVE-2010-1642
4. Description: Samba contains multiple vulnerabilities when handling crafted Negotiate Protocol and Session Setup AndX requests. Successful exploitation may result in denial-of-service conditions (process crash).
5. Status: Open
6. Explanation: Upgrade Samba to version 3.5.2, 3.4.8, or newer.
7. Resolution: Not Applicable. The version of Samba in the DD operating system uses a different mechanism for CIFS request/response buffers. Because of this, Samba security vulnerability CVE-2010-1635 doesn't apply to DDOS.
Further, EMC Data Domain Engineering has verified that CVE-2010-1642 remediation has been included in DDOS 5.1.4.0-343209, 5.2.2.0-347573, 5.3.0.0-342406, 5.4.0.0-347751.
EDIT: I found the following already in our bugzilla database:
CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
RESPONSE: Fixed in DDOS 5.1.x.x which uses a slightly older version of Samba (3.0.35), which has had the 3.3.x patch hand merged into the code to resolve the vulnerability; internal engineering reference 47832.
CVE-2010-2063
1. Audit ID: 13121
2. Category: CAT I
3. Reference: CVE-2010-2063
4. Description: Samba contains a vulnerability when handling specially crafted SMB1 chained packets. Successful exploitation could allow remote unauthenticated attackers to corrupt system memory in such a way that could be leveraged to execute arbitrary code or cause the daemon to crash. Note: This audit may report false findings on systems running backported versions of Samba.
5. Status: Open
6. Explanation: Upgrade Samba to version 3.3.13 or newer; or install updated packages from appropriate vendor.
7. Resolution: False Finding. EMC Engineering has reviewed and determined Samba was updated and this vulnerability was completely remediated in DD OS version 5.0.
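One way to triage banner-based Samba 3.0.35 findings against the installed DDOS release, using the vendor statements in the reply above (an added example, not part of the original posts and not EMC's or any scanner vendor's code). The function names, verdict labels and the rule that a newer release train inherits an earlier fix are assumptions.

```python
import re

# Vendor statements transcribed from the reply above: "n/a" means the vendor
# says DDOS is not affected; otherwise a list of releases stated as fixed.
VENDOR_FIXES = {
    "CVE-2010-1635": "n/a",
    "CVE-2010-1642": ["5.1.4.0-343209", "5.2.2.0-347573",
                      "5.3.0.0-342406", "5.4.0.0-347751"],
    "CVE-2010-3069": ["5.1"],  # stated as "5.1.x.x"
    "CVE-2010-2063": ["5.0"],
}

def parse_ddos(version):
    """'5.4.0.0-347751' -> (5, 4, 0, 0, 347751); missing fields become 0."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,3})(?:-(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised DDOS version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    return (*nums, int(m.group(2) or 0))

def triage(cve, ddos_version):
    """Classify a scanner finding by DDOS release, not by the Samba banner."""
    stmt = VENDOR_FIXES.get(cve)
    if stmt is None:
        return "no-vendor-statement"
    if stmt == "n/a":
        return "not-applicable"
    have = parse_ddos(ddos_version)
    fixes = sorted(parse_ddos(f) for f in stmt)
    same_train = [f for f in fixes if f[:2] == have[:2]]
    if same_train:
        # Same major.minor train: compare patch fields, then build number.
        return "remediated" if have >= same_train[0] else "open"
    # Assumption: a train newer than every listed fix inherits that fix.
    if have[:2] > fixes[-1][:2]:
        return "remediated-assumed"
    return "unconfirmed"

# Constructed sample: CVEs a banner-only scan attributes to Samba 3.0.35.
FINDINGS = ["CVE-2010-3069", "CVE-2010-2063", "CVE-2010-1635", "CVE-2010-1642"]

def triage_all(ddos_version, findings=FINDINGS):
    return {cve: triage(cve, ddos_version) for cve in findings}

if __name__ == "__main__":
    for cve, verdict in triage_all("5.4.0.0-347751").items():
        print(cve, verdict)
```

Pass the full release string including the build number; a bare "5.4" sorts below every listed build in that train and is reported as open.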
NotAStorageGuy
May 8th, 2014 08:00
Thanks for the detailed responses. I have opened a "False Positive" report with our scanning vendor.