Vulnerabilities > CVE-2006-3403 - Denial of Service vulnerability in Samba Internal Data Structures

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
samba
nessus

Summary

The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-120.NASL
    description: A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22020
    published: 2006-07-11
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22020
    title: Mandrake Linux Security Advisory : samba (MDKSA-2006:120)
    code:
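    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:120.
    # The text itself is copyright (C) Mandriva S.A.
    #
    # Credentialed local check for CVE-2006-3403 (smbd memory exhaustion
    # through repeated share connection requests): the Samba RPMs installed
    # on a Mandrake 10.2 / Mandriva 2006.0 host are compared against the
    # fixed builds shipped with MDKSA-2006:120.
    #
    
    include("compat.inc");
    
    # Registration branch: declares plugin metadata only and exits before
    # any host data is consulted.
    if (description)
    {
      script_id(22020);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"MDKSA", value:"2006:120");
    
      script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2006:120)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in samba 3.0.x was discovered where an attacker could
    cause a single smbd process to bloat, exhausting memory on the system.
    This bug is caused by continually increasing the size of an array
    which maintains state information about the number of active share
    connections.
    
    Updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.samba.org/samba/security/CVE-2006-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One package CPE per RPM checked below, followed by the two OS CPEs.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount-cifs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-smbldap-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-icap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The RPM inventory is gathered over SSH; without these KB keys the
      # comparison below has no input.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions: credentialed checks enabled, a Mandrake release string
    # and an RPM list must all be present; each audit() reports why not.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # OS name spelled the same as in the architecture audit below (was "Mandake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 / x86_64 hosts are covered by the package references below;
    # anything else is reported as not implemented rather than passed silently.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # flag counts installed packages older than the fixed build. Each
    # rpm_check() only applies to the release (and, where given, the cpu)
    # it names. yank:"mdk" presumably strips the distro suffix before the
    # version comparison — see rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"mount-cifs-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"nss_wins-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-client-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-common-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-doc-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-mysql-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-pgsql-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-xml-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-server-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-smbldap-tools-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-swat-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-vscan-clamav-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-vscan-icap-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-winbind-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mount-cifs-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"nss_wins-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-client-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-common-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-doc-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-mysql-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-pgsql-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-xml-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-server-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-smbldap-tools-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-swat-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-clamav-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-icap-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-winbind-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      # Verbose scans attach the per-package version comparison to the finding.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");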
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0591.NASL
    description: Updated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22104
    published: 2006-07-28
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/22104
    title: CentOS 3 / 4 : samba (CESA-2006:0591)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2006:0591 and
    # CentOS Errata and Security Advisory 2006:0591 respectively.
    #
    # Credentialed local check for CVE-2006-3403: the Samba RPMs installed
    # on a CentOS 3 / 4 host are compared with the CESA-2006:0591 builds.
    #
    
    include("compat.inc");
    
    # Registration branch: metadata only; exits before any host data is read.
    if (description)
    {
      script_id(22104);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"RHSA", value:"2006:0591");
    
      script_name(english:"CentOS 3 / 4 : samba (CESA-2006:0591)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates.");
      script_set_attribute(
        attribute:"description",
        value:
    "Updated samba packages that fix a denial of service vulnerability are
    now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Samba provides file and printer sharing services to SMB/CIFS clients.
    
    A denial of service bug was found in the way the smbd daemon tracks
    active connections to shares. It was possible for a remote attacker to
    cause the smbd daemon to consume a large amount of system memory by
    sending carefully crafted smb requests. (CVE-2006-3403)
    
    Users of Samba are advised to upgrade to these packages, which contain
    a backported patch to correct this issue."
      );
    
      # CentOS announcement mails, reached through the nessus.org redirector.
      # The short links resolve, in order, to:
      #   https://lists.centos.org/pipermail/centos-announce/2006-August/013101.html
      #   https://lists.centos.org/pipermail/centos-announce/2006-August/013102.html
      #   https://lists.centos.org/pipermail/centos-announce/2006-July/013055.html
      #   https://lists.centos.org/pipermail/centos-announce/2006-July/013056.html
      #   https://lists.centos.org/pipermail/centos-announce/2006-July/013062.html
      #   https://lists.centos.org/pipermail/centos-announce/2006-July/013063.html
      foreach link (make_list(
        "http://www.nessus.org/u?f134aa38",
        "http://www.nessus.org/u?1b3261bb",
        "http://www.nessus.org/u?7007f2d4",
        "http://www.nessus.org/u?f05046a9",
        "http://www.nessus.org/u?e12fb4f8",
        "http://www.nessus.org/u?fa82d8c8"
      )) script_set_attribute(attribute:"see_also", value:link);
    
      script_set_attribute(attribute:"solution", value:"Update the affected samba packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One package CPE per RPM checked below, then the two OS CPEs.
      foreach pkg (make_list("samba", "samba-client", "samba-common", "samba-swat"))
        script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:" + pkg);
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # RPM inventory and release string come from the SSH info-gathering plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must exist and name CentOS; then its major version
    # must be 3 or 4, the only releases this advisory covers.
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "CentOS");
    if ("CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    
    ver_match = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = ver_match[1];
    if (!preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Supported architectures: x86_64, ia64 and 32-bit x86.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    arch_supported = ("x86_64" >< cpu) || ("ia64" >< cpu) || (cpu =~ "^i[3-6]86$");
    if (!arch_supported) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Same four package names for both releases; only the fixed build differs.
    # flag counts packages found older than the reference build.
    pkgs = make_list("samba", "samba-client", "samba-common", "samba-swat");
    
    flag = 0;
    foreach pkg (pkgs)
      if (rpm_check(release:"CentOS-3", reference:pkg + "-3.0.9-1.3E.10")) flag++;
    foreach pkg (pkgs)
      if (rpm_check(release:"CentOS-4", reference:pkg + "-3.0.10-1.4E.6.2")) flag++;
    
    
    if (!flag)
    {
      # Distinguish "patched" from "Samba not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-common / samba-swat");
    }
    else
    {
      security_report_v4(port:0, severity:SECURITY_WARNING, extra:rpm_report_get());
      exit(0);
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200607-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200607-10 (Samba: Denial of Service vulnerability). During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a Denial of Service. Impact: By sending a large amount of share connection requests to a vulnerable Samba server, an attacker could cause a Denial of Service due to memory consumption. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22108
    published: 2006-07-28
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22108
    title: GLSA-200607-10 : Samba: Denial of Service vulnerability
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200607-10.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    # Credentialed local check: the installed net-fs/samba ebuild is
    # compared with 3.0.22-r3, the first build carrying the GLSA 200607-10
    # fix for CVE-2006-3403.
    #
    
    include("compat.inc");
    
    # Registration branch: metadata only; exits before the package check.
    if (description)
    {
      script_id(22108);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"GLSA", value:"200607-10");
    
      script_name(english:"GLSA-200607-10 : Samba: Denial of Service vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote host is affected by the vulnerability described in GLSA-200607-10
    (Samba: Denial of Service vulnerability)
    
        During an internal audit the Samba team discovered that a flaw in the
        way Samba stores share connection requests could lead to a Denial of
        Service.
      
    Impact :
    
        By sending a large amount of share connection requests to a vulnerable
        Samba server, an attacker could cause a Denial of Service due to memory
        consumption.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/200607-10");
      script_set_attribute(
        attribute:"solution",
        value:
    "All Samba users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.22-r3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The ebuild inventory (qpkg-list) is collected over SSH.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Each precondition has its own audit code, so they are tested one by
    # one in this order.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Single package to test: anything below the fixed ebuild is vulnerable.
    fixed = "3.0.22-r3";
    
    affected = 0;
    if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge " + fixed), vulnerable:make_list("lt " + fixed))) affected++;
    
    if (!affected)
    {
      # Distinguish "patched" from "Samba not installed at all".
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
    }
    else
    {
      # Verbose scans attach the version comparison to the finding.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2006-808.NASL
    description - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc4 - Update to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. -winbind, and -access patches are obsolete. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead - Mon Oct 10 2005 Jay Fenlason <fenlason at redhat.com> - Upgrade to 3.0.20a, which includes all the previous upstream patches. - Include the -winbind patch from Jeremy Allison <jra at samba.org> to fix a problem with winbind crashing. - Include the -access patch from Jeremy Allison <jra at samba.org> to fix a problem with MS Access lock files. - Updated the -warnings patch for 3.0.20a. - Include --with-shared-modules=idmap_ad,idmap_rid to close bz#156810 ? --with-shared-modules=idmap_ad,idmap_rid - Include the new samba.pamd from Tomas Mraz (tmraz at redhat.com) to close bz#170259 ? pam_stack is deprecated - Mon Aug 22 2005 Jay Fenlason <fenlason at redhat.com> - New upstream release Includes five upstream patches -bug3010_v1, -groupname_enumeration_v3, -regcreatekey_winxp_v1, -usrmgr_groups_v1, and -winbindd_v1 This obsoletes the -pie and -delim patches the -warning and -gcc4 patches are obsolete too The -man, -passwd, and -smbspool patches were updated to match 3.0.20pre1 Also, the -quoting patch was implemented differently upstream There is now a umount.cifs executable and manpage We run autogen.sh as part of the build phase The testprns command is now gone libsmbclient now has a man page - Include -bug106483 patch to close bz#106483 smbclient: -N negates the provided password, despite documentation - Added the -warnings patch to quiet some compiler warnings. - Removed many obsolete patches from CVS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24149
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24149
    title: Fedora Core 4 : samba-3.0.23-1.fc4 (2006-808)
    code:
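    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2006-808.
    #
    # Credentialed local check: the Samba RPMs installed on a Fedora Core 4
    # host are compared with samba-3.0.23-1.fc4, the update that closes
    # CVE-2006-3403 (smbd denial of service) per the advisory changelog.
    #
    
    include("compat.inc");
    
    # Registration branch: metadata only; exits before any host data is read.
    if (description)
    {
      script_id(24149);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      # The advisory changelog below names CVE-2006-3403 as the reason for
      # this update; record it so the finding is correlated with the CVE
      # like the other plugins for this issue (BID 18927 is the matching
      # Bugtraq entry).
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"FEDORA", value:"2006-808");
    
      script_name(english:"Fedora Core 4 : samba-3.0.23-1.fc4 (2006-808)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com>
        3.0.23-1.fc4
    
        - Update to 3.0.23 to close bz#197836 CVE-2006-3403
          Samba denial of service
    
      - include related spec file, filter-requires-samba.sh and
        patch changes from rawhide. -winbind, and -access
        patches are obsolete.
    
      - include the fixed smb.init file from rawhide, closing
        bz#182560 Wrong retval for initscript when smbd is dead
    
      - Mon Oct 10 2005 Jay Fenlason <fenlason at redhat.com>
    
        - Upgrade to 3.0.20a, which includes all the previous
          upstream patches.
    
        - Include the -winbind patch from Jeremy Allison <jra at
          samba.org> to fix a problem with winbind crashing.
    
      - Include the -access patch from Jeremy Allison <jra at
        samba.org> to fix a problem with MS Access lock files.
    
      - Updated the -warnings patch for 3.0.20a.
    
        - Include --with-shared-modules=idmap_ad,idmap_rid to
          close bz#156810 ?
          --with-shared-modules=idmap_ad,idmap_rid
    
      - Include the new samba.pamd from Tomas Mraz (tmraz at
        redhat.com) to close bz#170259 ? pam_stack is deprecated
    
      - Mon Aug 22 2005 Jay Fenlason <fenlason at redhat.com>
    
        - New upstream release Includes five upstream patches
          -bug3010_v1, -groupname_enumeration_v3,
          -regcreatekey_winxp_v1, -usrmgr_groups_v1, and
          -winbindd_v1 This obsoletes the -pie and -delim
          patches the -warning and -gcc4 patches are obsolete
          too The -man, -passwd, and -smbspool patches were
          updated to match 3.0.20pre1 Also, the -quoting patch
          was implemented differently upstream There is now a
          umount.cifs executable and manpage We run autogen.sh
          as part of the build phase The testprns command is now
          gone libsmbclient now has a man page
    
      - Include -bug106483 patch to close bz#106483 smbclient:
        -N negates the provided password, despite documentation
    
      - Added the -warnings patch to quiet some compiler
        warnings.
    
        - Removed many obsolete patches from CVS.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000409.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b23e045"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # No CVSS vector is set for this plugin; severity comes from risk_factor
      # and the security_hole() call below.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One package CPE per RPM checked below, then the OS CPE.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-swat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Fedora hosts are inventoried under the Host/RedHat/* KB keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # The release string must name Fedora, and its major version must be 4
    # (the only release this advisory covers).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Supported architectures: x86_64 and 32-bit x86.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # flag counts installed packages older than the fixed build.
    flag = 0;
    if (rpm_check(release:"FC4", reference:"samba-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-client-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-common-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-debuginfo-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-swat-3.0.23-1.fc4")) flag++;
    
    
    if (flag)
    {
      # Verbose scans attach the per-package version comparison to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "patched" from "Samba not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-common / samba-debuginfo / samba-swat");
    }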
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SAMBA-1961.NASL
    description - Fix pam config file parsing in pam_winbind; bso [#3916]. - Prevent potential crash in winbindd
    last seen2020-06-01
    modified2020-06-02
    plugin id29574
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29574
    titleSuSE 10 Security Update : Samba (ZYPP Patch Number 1961)
    code
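    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(29574);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");

      script_cve_id("CVE-2006-3403");

      script_name(english:"SuSE 10 Security Update : Samba (ZYPP Patch Number 1961)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fix pam config file parsing in pam_winbind; bso [#3916].

      - Prevent potential crash in winbindd's credential cache
        handling; [#184450].

      - Fix memory exhaustion DoS; CVE-2006-3403; [#190468].

      - Fix the munlock call, samba.org svn rev r16755 from
        Volker.

      - Change the kerberos principal for LDAP authentication to
        netbios-name$@realm from host/name@realm; [#184450].

      - Ensure to link all required libraries to libnss_wins;
        [#184306].

      - Change log level of debug message to avaoid flodded nmbd
        log; [#157623].

      - Add 'usershare allow guests = Yes' to the default
        config; [#144787].

      - Fix syntax error in configure script."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1961.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }


    # audit.inc gives the same structured exit reasons the other Samba
    # plugins on this page use, instead of ad-hoc exit() strings.
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");


    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/SuSE/release")) audit(AUDIT_OS_NOT, "SuSE");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # '>!<' means "left is not a substring of right", so the literal goes on
    # the left and the reported architecture on the right (the previous
    # operand order was reversed relative to the sibling plugins).
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 10", cpu);


    # The same fixed builds ship for both SLED10 and SLES10 (service pack 0).
    releases = make_list("SLED10", "SLES10");
    pkgs = make_list(
      "samba-3.0.22-13.23",
      "samba-client-3.0.22-13.23",
      "samba-winbind-3.0.22-13.23"
    );
    # 32-bit compatibility packages exist only on x86_64 installs.
    pkgs_32bit = make_list(
      "samba-32bit-3.0.22-13.23",
      "samba-client-32bit-3.0.22-13.23",
      "samba-winbind-32bit-3.0.22-13.23"
    );

    flag = 0;
    foreach rel (releases)
    {
      foreach pkg (pkgs)
      {
        if (rpm_check(release:rel, sp:0, reference:pkg)) flag++;
      }
      foreach pkg (pkgs_32bit)
      {
        if (rpm_check(release:rel, sp:0, cpu:"x86_64", reference:pkg)) flag++;
      }
    }


    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Report "not affected" only when a samba package was actually examined;
      # otherwise say that none is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-winbind / samba-32bit / samba-client-32bit / samba-winbind-32bit");
    }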
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-195-01.NASL
    descriptionNew Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related (but in my own and also the Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id22050
    published2006-07-17
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22050
    titleSlackware 10.0 / 10.1 / 10.2 / current : Samba DoS (SSA:2006-195-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Slackware Security Advisory 2006-195-01. The text
    # itself is copyright (C) Slackware Linux, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(22050);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:20");

      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"SSA", value:"2006-195-01");

      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / current : Samba DoS (SSA:2006-195-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");

      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Samba packages are available for Slackware 10.0, 10.1, 10.2, and
    -current to fix a security related (but in my own and also the Samba's
    team member who made their WHATSNEW.txt entry, 'minor') denial of
    service issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?28f46717"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected samba package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/17");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

      exit(0);
    }


    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");


    # Local checks need SSH access and the Slackware package database.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


    # The advisory ships x86 builds only; other architectures are not handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


    # One fixed samba-3.0.23 build per supported release. The "current"
    # build carries a bare package number; the others append the release.
    flag = 0;
    foreach osver (make_list("10.0", "10.1", "10.2", "current"))
    {
      if (osver == "current") pkgnum = "1";
      else pkgnum = "1_slack" + osver;

      if (slackware_check(osver:osver, pkgname:"samba", pkgver:"3.0.23", pkgarch:"i486", pkgnum:pkgnum)) flag++;
    }


    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idSAMBA_ACL_SECURITY_BYPASS.NASL
    descriptionAccording to its version number, the version of Samba running on the remote host has a security bypass vulnerability. Access restrictions can be bypassed due to a read of uninitialized data in smbd. This could allow a user to modify an access control list (ACL), even when they should be denied permission. Note the
    last seen2020-06-01
    modified2020-06-02
    plugin id39502
    published2009-06-24
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39502
    titleSamba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #


    include("compat.inc");


    if (description)
    {
      script_id(39502);
      script_version("1.15");

      script_cve_id("CVE-2009-1886", "CVE-2009-1888", "CVE-2006-3403");
      script_bugtraq_id(35472);
      script_xref(name:"Secunia", value:"35539");

      script_name(english:"Samba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities");
      script_summary(english:"Checks the remote Samba version");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Samba server may be affected by a security bypass
    vulnerability."  );
      script_set_attribute(attribute:"description", value:
    "According to its version number, the version of Samba running on the
    remote host has a security bypass vulnerability.  Access restrictions
    can be bypassed due to a read of uninitialized data in smbd.  This
    could allow a user to modify an access control list (ACL), even when
    they should be denied permission.

    Note the 'dos filemode' parameter must be set to 'yes' in smb.conf
    in order for an attack to be successful (the default setting is 'no').

    Also note versions 3.2.0 - 3.2.12 of smbclient are affected by a
    format string vulnerability, though Nessus has not checked for this."  );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2009-1888.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2009-1886.html"
      );
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Samba version 3.3.6 / 3.2.13 / 3.0.35 or later, or apply
    the appropriate patch referenced in the vendor's advisory."  );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(134, 264);
      script_set_attribute(attribute:"plugin_publication_date", value: "2009/06/24");
      script_set_attribute(attribute:"plugin_type", value: "remote");
      script_cvs_date("Date: 2018/11/15 20:50:24");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");

      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

      script_dependencies("smb_nativelanman.nasl");
      script_require_keys("SMB/samba", "SMB/NativeLanManager");

      exit(0);
    }


    include("global_settings.inc");
    include("misc_func.inc");


    # Purely banner-based, so only run when the scan accepts false positives.
    if (report_paranoia < 2)
      exit(1, "Report paranoia is low, and this plugin's prone to false positives");

    lanman = get_kb_item("SMB/NativeLanManager");
    if (isnull(lanman))
      exit(1, "A SMB banner was not found.");

    # Only a plain dotted version after "Samba " is accepted.
    match = eregmatch(string:lanman, pattern:'^Samba ([0-9.]+)$', icase:TRUE);
    if (isnull(match))
      exit(1, "The banner does not appear to be Samba.");

    version = match[1];
    parts = split(version, sep:'.', keep:FALSE);
    major = int(parts[0]);
    minor = int(parts[1]);
    rev = int(parts[2]);

    # Each affected 3.x branch maps to the release that fixes it:
    #   3.3.0 - 3.3.5  -> 3.3.6
    #   3.2.0 - 3.2.12 -> 3.2.13
    #   3.0.0 - 3.0.34 -> 3.0.35
    fix = NULL;
    if (major == 3)
    {
      if (minor == 3 && rev <= 5) fix = '3.3.6';
      else if (minor == 2 && rev <= 12) fix = '3.2.13';
      else if (minor == 0 && rev <= 34) fix = '3.0.35';
    }

    if (isnull(fix))
      exit(1, "Samba version " + version + " is not vulnerable.");

    port = get_kb_item("SMB/transport");

    if (report_verbosity)
    {
      report = string(
        "\n",
        "Installed version : ", version, "\n",
        "Fixed version     : ", fix, "\n"
      );
      security_note(port:port, extra:report);
    }
    else security_note(port);

    exit(0);
    
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1110.NASL
    descriptionGerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id22652
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22652
    titleDebian DSA-1110-1 : samba - missing input sanitising
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SAMBA-1830.NASL
    description - Prevent potential crash in winbindd
    last seen2020-06-01
    modified2020-06-02
    plugin id27426
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27426
    titleopenSUSE 10 Security Update : samba (samba-1830)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B168DDEA105A11DBAC96000C6EC775D9.NASL
    descriptionThe Samba Team reports : The smbd daemon maintains internal data structures used to track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations.
    last seen2020-06-01
    modified2020-06-02
    plugin id22018
    published2006-07-11
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22018
    titleFreeBSD : samba -- memory exhaustion DoS in smbd (b168ddea-105a-11db-ac96-000c6ec775d9)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-219.NASL
    description - Wed Feb 7 2007 Jay Fenlason <fenlason at redhat.com> 3.0.24-1.fc5 - New upstream release - Update the -man patch to work with 3.0.24 - This release fixes CVE-2007-0452 Samba smbd denial of service - Tue Sep 26 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23c-1.fc5 - Include the newer smb.init that includes the configtest option - Upgrade to 3.0.23c, obsoleting the -samr_alias patch. - Wed Aug 9 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23b-1.fc5 - New upstream release, fixing some annoying bugs. - Mon Jul 24 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23a-1.fc5.1 - Fix the -logfiles patch to close bz#199607 Samba compiled with wrong log path. bz#199206 smb.conf has incorrect log file path - Mon Jul 24 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23a-1.fc5 - Upgrade to new upstream 3.0.23a - include upstream samr_alias patch - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc5 - Upgrade to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24305
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24305
    titleFedora Core 5 : samba-3.0.24-1.fc5 (2007-219)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-807.NASL
    description - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc5 - Upgrade to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24148
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24148
    titleFedora Core 5 : samba-3.0.23-1.fc5 (2006-807)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0591.NASL
    descriptionUpdated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22112
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22112
    titleRHEL 2.1 / 3 / 4 : samba (RHSA-2006:0591)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-314-1.NASL
    descriptionThe Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27890
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27890
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : samba vulnerability (USN-314-1)

Oval

accepted2013-04-29T04:13:29.186-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
familyunix
idoval:org.mitre.oval:def:11355
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
version27

Redhat

advisories
bugzilla
id197836
titleCVE-2006-3403 Samba denial of service
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentsamba-common is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591001
        • commentsamba-common is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591002
      • AND
        • commentsamba-client is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591003
        • commentsamba-client is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591004
      • AND
        • commentsamba is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591005
        • commentsamba is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591006
      • AND
        • commentsamba-swat is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591007
        • commentsamba-swat is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591008
rhsa
idRHSA-2006:0591
released2006-07-25
severityImportant
titleRHSA-2006:0591: samba security update (Important)
rpms
  • samba-0:3.0.10-1.4E.6.2
  • samba-0:3.0.9-1.3E.10
  • samba-client-0:3.0.10-1.4E.6.2
  • samba-client-0:3.0.9-1.3E.10
  • samba-common-0:3.0.10-1.4E.6.2
  • samba-common-0:3.0.9-1.3E.10
  • samba-debuginfo-0:3.0.10-1.4E.6.2
  • samba-debuginfo-0:3.0.9-1.3E.10
  • samba-swat-0:3.0.10-1.4E.6.2
  • samba-swat-0:3.0.9-1.3E.10

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 
10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a>
idSSV:623
last seen2017-11-19
modified2006-11-29
published2006-11-29
reporterRoot
titleApple Mac OS X 2006-007存在多个安全漏洞

References