11752 – (CVE-2016-2113) [SECURITY] CVE-2016-2113: Missing TLS certificate validation allows man in the middle attacks

Bug 11752 (CVE-2016-2113) - [SECURITY] CVE-2016-2113: Missing TLS certificate validation allows man in the middle attacks

Summary: [SECURITY] CVE-2016-2113: Missing TLS certificate validation allows man in th...

Status:	RESOLVED FIXED

Alias:	CVE-2016-2113

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:	11744
	Show dependency tree / graph

Reported:	2016-02-24 22:02 UTC by Stefan Metzmacher
Modified:	2024-03-22 02:53 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2016-02-24 22:02:10 UTC

For more information ask please ask me privately
via encrypted mail to metze@samba.org

sec#  8192R/6A739B025C6B98D4 2015-09-28 [expires: 2016-09-27]
      Key fingerprint = A3D1 92CE 44EF 4125 17BC  ED64 6A73 9B02 5C6B 98D4
uid                          Stefan Metzmacher <metze@samba.org>
ssb   4096R/0DB5F5612869BD56 2015-09-28
ssb   4096R/BFD5085E9D32D974 2015-09-28

Comment 1 Stefan Metzmacher 2016-02-24 22:02:30 UTC

TLS related

Comment 2 Stefan Metzmacher 2016-02-25 10:11:12 UTC

CVE number requested...

Comment 3 Stefan Metzmacher 2016-04-12 17:29:38 UTC

===================================================================================
== Subject:     Missing TLS certificate validation allows man in the middle attacks
==
== CVE ID#:     CVE-2016-2113
==
== Versions:    Samba 4.0.0 to 4.4.0
==
== Summary:     Man in the middle attacks are possible for client triggered LDAP
==              connections (with ldaps://) and ncacn_http connections
==              (with https://).
==
===================================================================================

===========
Description
===========

Samba has support for TLS/SSL for some protocols:
ldap and http, but currently certificates are not
validated at all. While we have a "tls cafile" option,
the configured certificate is not used to validate
the server certificate.

This applies to ldaps:// connections triggered by tools like:
"ldbsearch", "ldbedit" and more. Note that it only applies
to the ldb tools when they are built as part of Samba or with Samba
extensions installed, which means the Samba builtin LDAP client library is
used.

It also applies to dcerpc client connections using ncacn_http (with https://),
which are only used by the openchange project. Support for ncacn_http
was introduced in version 4.2.0.

The security patches will introduce a new option called
"tls verify peer". Possible values are "no_check", "ca_only",
"ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".

If you use the self-signed certificates which are auto-generated
by Samba, you won't have a crl file and need to explicitly
set "tls verify peer = ca_and_name".

===================
New smb.conf option
===================

  tls verify peer (G)

    This controls if and how strict the client will verify the peer's
    certificate and name. Possible values are (in increasing order): no_check,
    ca_only, ca_and_name_if_available, ca_and_name and as_strict_as_possible.

    When set to no_check the certificate is not verified at all,
    which allows trivial man in the middle attacks.

    When set to ca_only the certificate is verified to be signed from a ca
    specified in the "tls ca file" option. Setting "tls ca file" to a valid file
    is required. The certificate lifetime is also verified. If the "tls crl file"
    option is configured, the certificate is also verified against
    the ca crl.

    When set to ca_and_name_if_available all checks from ca_only are performed.
    In addition, the peer hostname is verified against the certificate's
    name, if it is provided by the application layer and not given as
    an ip address string.

    When set to ca_and_name all checks from ca_and_name_if_available are performed.
    In addition the peer hostname needs to be provided and even an ip
    address is checked against the certificate's name.

    When set to as_strict_as_possible all checks from ca_and_name are performed.
    In addition the "tls crl file" needs to be configured. Future versions
    of Samba may implement additional checks.

    Default: tls verify peer = as_strict_as_possible

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  https://www.samba.org/samba/security/

Additionally, Samba 4.4.2, 4.3.8 and 4.2.11 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.

Note that Samba 4.4.1, 4.3.7 and 4.2.10 were privately released to vendors,
but had a regression, which is fixed in 4.4.2, 4.3.8 and 4.2.11.

==========
Workaround
==========

None.

=======
Credits
=======

This vulnerability was discovered and researched by Stefan Metzmacher of
SerNet (https://samba.plus) and the Samba Team (https://www.samba.org).
He provides the fixes in collaboration with the Samba Team.

Comment 4 Stefan Metzmacher 2016-04-13 14:17:05 UTC

The fixes are in v4-{2,3,4}-{stable,test} and master.

Comment 5 Douglas Bagnall 2024-03-22 02:53:52 UTC

Opening this up to non-vendors.