Vulnerabilities > CVE-2006-3403 - Unspecified vulnerability in Samba

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
samba
nessus

Summary

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-120.NASL
    descriptionA vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections. Updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22020
    published2006-07-11
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22020
    titleMandrake Linux Security Advisory : samba (MDKSA-2006:120)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:120. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22020);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"MDKSA", value:"2006:120");
    
      script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2006:120)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A vulnerability in samba 3.0.x was discovered where an attacker could
    cause a single smbd process to bloat, exhausting memory on the system.
    This bug is caused by continually increasing the size of an array
    which maintains state information about the number of active share
    connections.
    
    Updated packages have been patched to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.samba.org/samba/security/CVE-2006-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount-cifs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-smbldap-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-icap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"mount-cifs-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"nss_wins-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-client-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-common-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-doc-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-mysql-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-pgsql-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-passdb-xml-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-server-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-smbldap-tools-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-swat-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-vscan-clamav-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-vscan-icap-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"samba-winbind-3.0.13-2.1.102mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"mount-cifs-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"nss_wins-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-client-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-common-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-doc-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-mysql-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-pgsql-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-passdb-xml-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-server-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-smbldap-tools-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-swat-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-clamav-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-vscan-icap-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"samba-winbind-3.0.20-3.1.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0591.NASL
    descriptionUpdated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22104
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22104
    titleCentOS 3 / 4 : samba (CESA-2006:0591)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0591 and 
    # CentOS Errata and Security Advisory 2006:0591 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22104);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"RHSA", value:"2006:0591");
    
      script_name(english:"CentOS 3 / 4 : samba (CESA-2006:0591)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated samba packages that fix a denial of service vulnerability are
    now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Samba provides file and printer sharing services to SMB/CIFS clients.
    
    A denial of service bug was found in the way the smbd daemon tracks
    active connections to shares. It was possible for a remote attacker to
    cause the smbd daemon to consume a large amount of system memory by
    sending carefully crafted smb requests. (CVE-2006-3403)
    
    Users of Samba are advised to upgrade to these packages, which contain
    a backported patch to correct this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013101.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f134aa38"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-August/013102.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1b3261bb"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013055.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7007f2d4"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013056.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f05046a9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013062.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e12fb4f8"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-July/013063.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fa82d8c8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected samba packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-swat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"samba-3.0.9-1.3E.10")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"samba-client-3.0.9-1.3E.10")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"samba-common-3.0.9-1.3E.10")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"samba-swat-3.0.9-1.3E.10")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"samba-3.0.10-1.4E.6.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"samba-client-3.0.10-1.4E.6.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"samba-common-3.0.10-1.4E.6.2")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"samba-swat-3.0.10-1.4E.6.2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-common / samba-swat");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200607-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200607-10 (Samba: Denial of Service vulnerability) During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a Denial of Service. Impact : By sending a large amount of share connection requests to a vulnerable Samba server, an attacker could cause a Denial of Service due to memory consumption. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id22108
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22108
    titleGLSA-200607-10 : Samba: Denial of Service vulnerability
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200607-10.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22108);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"GLSA", value:"200607-10");
    
      script_name(english:"GLSA-200607-10 : Samba: Denial of Service vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200607-10
    (Samba: Denial of Service vulnerability)
    
        During an internal audit the Samba team discovered that a flaw in the
        way Samba stores share connection requests could lead to a Denial of
        Service.
      
    Impact :
    
        By sending a large amount of share connection requests to a vulnerable
        Samba server, an attacker could cause a Denial of Service due to memory
        consumption.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200607-10"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Samba users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.22-r3'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/28");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 3.0.22-r3"), vulnerable:make_list("lt 3.0.22-r3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-808.NASL
    description - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc4 - Update to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. -winbind, and -access patches are obsolete. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead - Mon Oct 10 2005 Jay Fenlason <fenlason at redhat.com> - Upgrade to 3.0.20a, which includes all the previous upstream patches. - Include the -winbind patch from Jeremy Allison <jra at samba.org> to fix a problem with winbind crashing. - Include the -access patch from Jeremy Allison <jra at samba.org> to fix a problem with MS Access lock files. - Updated the -warnings patch for 3.0.20a. - Include --with-shared-modules=idmap_ad,idmap_rid to close bz#156810 ? --with-shared-modules=idmap_ad,idmap_rid - Include the new samba.pamd from Tomas Mraz (tmraz at redhat.com) to close bz#170259 ? pam_stack is deprecated - Mon Aug 22 2005 Jay Fenlason <fenlason at redhat.com> - New upstream release Includes five upstream patches -bug3010_v1, -groupname_enumeration_v3, -regcreatekey_winxp_v1, -usrmgr_groups_v1, and -winbindd_v1 This obsoletes the -pie and -delim patches the -warning and -gcc4 patches are obsolete too The -man, -passwd, and -smbspool patches were updated to match 3.0.20pre1 Also, the -quoting patch was implemented differently upstream There is now a umount.cifs executable and manpage We run autogen.sh as part of the build phase The testprns command is now gone libsmbclient now has a man page - Include -bug106483 patch to close bz#106483 smbclient: -N negates the provided password, despite documentation - Added the -warnings patch to quiet some compiler warnings. - Removed many obsolete patches from CVS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24149
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24149
    titleFedora Core 4 : samba-3.0.23-1.fc4 (2006-808)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2006-808.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24149);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_xref(name:"FEDORA", value:"2006-808");
    
      script_name(english:"Fedora Core 4 : samba-3.0.23-1.fc4 (2006-808)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com>
        3.0.23-1.fc4
    
        - Update to 3.0.23 to close bz#197836 CVE-2006-3403
          Samba denial of service
    
      - include related spec file, filter-requires-samba.sh and
        patch changes from rawhide. -winbind, and -access
        patches are obsolete.
    
      - include the fixed smb.init file from rawhide, closing
        bz#182560 Wrong retval for initscript when smbd is dead
    
      - Mon Oct 10 2005 Jay Fenlason <fenlason at redhat.com>
    
        - Upgrade to 3.0.20a, which includes all the previous
          upstream patches.
    
        - Include the -winbind patch from Jeremy Allison <jra at
          samba.org> to fix a problem with winbind crashing.
    
      - Include the -access patch from Jeremy Allison <jra at
        samba.org> to fix a problem with MS Access lock files.
    
      - Updated the -warnings patch for 3.0.20a.
    
        - Include --with-shared-modules=idmap_ad,idmap_rid to
          close bz#156810 ?
          --with-shared-modules=idmap_ad,idmap_rid
    
      - Include the new samba.pamd from Tomas Mraz (tmraz at
        redhat.com) to close bz#170259 ? pam_stack is deprecated
    
      - Mon Aug 22 2005 Jay Fenlason <fenlason at redhat.com>
    
        - New upstream release Includes five upstream patches
          -bug3010_v1, -groupname_enumeration_v3,
          -regcreatekey_winxp_v1, -usrmgr_groups_v1, and
          -winbindd_v1 This obsoletes the -pie and -delim
          patches the -warning and -gcc4 patches are obsolete
          too The -man, -passwd, and -smbspool patches were
          updated to match 3.0.20pre1 Also, the -quoting patch
          was implemented differently upstream There is now a
          umount.cifs executable and manpage We run autogen.sh
          as part of the build phase The testprns command is now
          gone libsmbclient now has a man page
    
      - Include -bug106483 patch to close bz#106483 smbclient:
        -N negates the provided password, despite documentation
    
      - Added the -warnings patch to quiet some compiler
        warnings.
    
        - Removed many obsolete patches from CVS.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000409.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6b23e045"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba-swat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC4", reference:"samba-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-client-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-common-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-debuginfo-3.0.23-1.fc4")) flag++;
    if (rpm_check(release:"FC4", reference:"samba-swat-3.0.23-1.fc4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-client / samba-common / samba-debuginfo / samba-swat");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SAMBA-1961.NASL
    description - Fix pam config file parsing in pam_winbind; bso [#3916]. - Prevent potential crash in winbindd
    last seen2020-06-01
    modified2020-06-02
    plugin id29574
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29574
    titleSuSE 10 Security Update : Samba (ZYPP Patch Number 1961)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29574);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-3403");
    
      script_name(english:"SuSE 10 Security Update : Samba (ZYPP Patch Number 1961)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fix pam config file parsing in pam_winbind; bso [#3916].
    
      - Prevent potential crash in winbindd's credential cache
        handling; [#184450].
    
      - Fix memory exhaustion DoS; CVE-2006-3403; [#190468].
    
      - Fix the munlock call, samba.org svn rev r16755 from
        Volker.
    
      - Change the kerberos principal for LDAP authentication to
        netbios-name$@realm from host/name@realm; [#184450].
    
      - Ensure to link all required libraries to libnss_wins;
        [#184306].
    
      - Change log level of debug message to avaoid flodded nmbd
        log; [#157623].
    
      - Add 'usershare allow guests = Yes' to the default
        config; [#144787].
    
      - Fix syntax error in configure script."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1961.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"samba-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"samba-client-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLED10", sp:0, reference:"samba-winbind-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"samba-32bit-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"samba-client-32bit-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLED10", sp:0, cpu:"x86_64", reference:"samba-winbind-32bit-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"samba-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"samba-client-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"samba-winbind-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"samba-32bit-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"samba-client-32bit-3.0.22-13.23")) flag++;
    if (rpm_check(release:"SLES10", sp:0, cpu:"x86_64", reference:"samba-winbind-32bit-3.0.22-13.23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-195-01.NASL
    descriptionNew Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security related (but in my own and also the Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id22050
    published2006-07-17
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22050
    titleSlackware 10.0 / 10.1 / 10.2 / current : Samba DoS (SSA:2006-195-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2006-195-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22050);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2006-3403");
      script_bugtraq_id(18927);
      script_xref(name:"SSA", value:"2006-195-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / current : Samba DoS (SSA:2006-195-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New Samba packages are available for Slackware 10.0, 10.1, 10.2, and
    -current to fix a security related (but in my own and also the Samba's
    team member who made their WHATSNEW.txt entry, 'minor') denial of
    service issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?28f46717"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected samba package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/17");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.0", pkgname:"samba", pkgver:"3.0.23", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"samba", pkgver:"3.0.23", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"samba", pkgver:"3.0.23", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"samba", pkgver:"3.0.23", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idSAMBA_ACL_SECURITY_BYPASS.NASL
    descriptionAccording to its version number, the version of Samba running on the remote host has a security bypass vulnerability. Access restrictions can be bypassed due to a read of uninitialized data in smbd. This could allow a user to modify an access control list (ACL), even when they should be denied permission. Note the
    last seen2020-06-01
    modified2020-06-02
    plugin id39502
    published2009-06-24
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39502
    titleSamba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(39502);
      script_version("1.15");
    
      script_cve_id("CVE-2009-1886", "CVE-2009-1888", "CVE-2006-3403");
      script_bugtraq_id(35472);
      script_xref(name:"Secunia", value:"35539");
    
      script_name(english:"Samba < 3.0.35 / 3.2.13 / 3.3.6 Multiple Vulnerabilities");
      script_summary(english:"Checks the remote Samba version");
    
      script_set_attribute( attribute:"synopsis", value:
    "The remote Samba server may be affected by a security bypass
    vulnerability."  );
      script_set_attribute( attribute:"description", value:
    "According to its version number, the version of Samba running on the
    remote host has a security bypass vulnerability.  Access restrictions
    can be bypassed due to a read of uninitialized data in smbd.  This
    could allow a user to modify an access control list (ACL), even when
    they should be denied permission.
    
    Note the 'dos filemode' parameter must be set to 'yes' in smb.conf
    in order for an attack to be successful (the default setting is 'no').
    
    Also note versions 3.2.0 - 3.2.12 of smbclient are affected by a
    format string vulnerability, though Nessus has not checked for this."  );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2009-1888.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/security/CVE-2009-1886.html"
      );
      script_set_attribute( attribute:"solution", value:
    "Upgrade to Samba version 3.3.6 / 3.2.13 / 3.0.35 or later, or apply
    the appropriate patch referenced in the vendor's advisory."  );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(134, 264);
     script_set_attribute(attribute:"plugin_publication_date", value: "2009/06/24");
     script_set_attribute(attribute:"plugin_type", value: "remote");
     script_cvs_date("Date: 2018/11/15 20:50:24");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("smb_nativelanman.nasl");
      script_require_keys("SMB/samba", "SMB/NativeLanManager");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    if (report_paranoia < 2)
      exit(1, "Report paranoia is low, and this plugin's prone to false positives");
    
    lanman = get_kb_item("SMB/NativeLanManager");
    if (isnull(lanman))
      exit(1, "A SMB banner was not found.");
    
    match = eregmatch(string:lanman, pattern:'^Samba ([0-9.]+)$', icase:TRUE);
    if (isnull(match))
      exit(1, "The banner does not appear to be Samba.");
    
    version = match[1];
    ver_fields = split(version, sep:'.', keep:FALSE);
    major = int(ver_fields[0]);
    minor = int(ver_fields[1]);
    rev = int(ver_fields[2]);
    
    # Affected versions:
    # 3.3.0 - 3.3.5
    # 3.2.0 - 3.2.12
    # 3.0.0 - 3.0.34
    if (
      major == 3 &&
        ((minor == 3 && rev <= 5) ||
         (minor == 2 && rev <= 12) ||
         (minor == 0 && rev <= 34))
    )
    {
      port = get_kb_item("SMB/transport");
    
      if (minor == 3) fix = '3.3.6';
      else if (minor == 2) fix = '3.2.13';
      else if (minor == 0) fix = '3.0.35';
    
      if (report_verbosity)
      {
        report = string(
          "\n",
          "Installed version : ", version, "\n",
          "Fixed version     : ", fix, "\n"
        );
        security_note(port:port, extra:report);
      }
      else security_note(port);
    
      exit(0);
    }
    else exit(1, "Samba version " + version + " is not vulnerable.");
    
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1110.NASL
    descriptionGerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id22652
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22652
    titleDebian DSA-1110-1 : samba - missing input sanitising
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SAMBA-1830.NASL
    description - Prevent potential crash in winbindd
    last seen2020-06-01
    modified2020-06-02
    plugin id27426
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27426
    titleopenSUSE 10 Security Update : samba (samba-1830)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B168DDEA105A11DBAC96000C6EC775D9.NASL
    descriptionThe Samba Team reports : The smbd daemon maintains internal data structures used track active connections to file and printer shares. In certain circumstances an attacker may be able to continually increase the memory usage of an smbd process by issuing a large number of share connection requests. This defect affects all Samba configurations.
    last seen2020-06-01
    modified2020-06-02
    plugin id22018
    published2006-07-11
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22018
    titleFreeBSD : samba -- memory exhaustion DoS in smbd (b168ddea-105a-11db-ac96-000c6ec775d9)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-219.NASL
    description - Wed Feb 7 2007 Jay Fenlason <fenlason at redhat.com> 3.0.24-1.fc5 - New upstream release - Update the -man patch to work with 3.0.24 - This release fixes CVE-2007-0452 Samba smbd denial of service - Tue Sep 26 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23c-1.fc5 - Include the newer smb.init that includes the configtest option - Upgrade to 3.0.23c, obsoleting the -samr_alias patch. - Wed Aug 9 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23b-1.fc5 - New upstream release, fixing some annoying bugs. - Mon Jul 24 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23a-1.fc5.1 - Fix the -logfiles patch to close bz#199607 Samba compiled with wrong log path. bz#199206 smb.conf has incorrect log file path - Mon Jul 24 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23a-1.fc5 - Upgrade to new upstream 3.0.23a - include upstream samr_alias patch - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc5 - Upgrade to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24305
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24305
    titleFedora Core 5 : samba-3.0.24-1.fc5 (2007-219)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-807.NASL
    description - Wed Jul 12 2006 Jay Fenlason <fenlason at redhat.com> 3.0.23-1.fc5 - Upgrade to 3.0.23 to close bz#197836 CVE-2006-3403 Samba denial of service - include related spec file, filter-requires-samba.sh and patch changes from rawhide. - include the fixed smb.init file from rawhide, closing bz#182560 Wrong retval for initscript when smbd is dead Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24148
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24148
    titleFedora Core 5 : samba-3.0.23-1.fc5 (2006-807)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0591.NASL
    descriptionUpdated samba packages that fix a denial of service vulnerability are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests. (CVE-2006-3403) Users of Samba are advised to upgrade to these packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id22112
    published2006-07-28
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22112
    titleRHEL 2.1 / 3 / 4 : samba (RHSA-2006:0591)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-314-1.NASL
    descriptionThe Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27890
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27890
    titleUbuntu 5.04 / 5.10 / 6.06 LTS : samba vulnerability (USN-314-1)

Oval

accepted2013-04-29T04:13:29.186-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
familyunix
idoval:org.mitre.oval:def:11355
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
version27

Redhat

advisories
bugzilla
id197836
titleCVE-2006-3403 Samba denial of service
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentsamba-common is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591001
        • commentsamba-common is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591002
      • AND
        • commentsamba-client is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591003
        • commentsamba-client is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591004
      • AND
        • commentsamba is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591005
        • commentsamba is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591006
      • AND
        • commentsamba-swat is earlier than 0:3.0.10-1.4E.6.2
          ovaloval:com.redhat.rhsa:tst:20060591007
        • commentsamba-swat is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060591008
rhsa
idRHSA-2006:0591
released2006-07-25
severityImportant
titleRHSA-2006:0591: samba security update (Important)
rpms
  • samba-0:3.0.10-1.4E.6.2
  • samba-0:3.0.9-1.3E.10
  • samba-client-0:3.0.10-1.4E.6.2
  • samba-client-0:3.0.9-1.3E.10
  • samba-common-0:3.0.10-1.4E.6.2
  • samba-common-0:3.0.9-1.3E.10
  • samba-debuginfo-0:3.0.10-1.4E.6.2
  • samba-debuginfo-0:3.0.9-1.3E.10
  • samba-swat-0:3.0.10-1.4E.6.2
  • samba-swat-0:3.0.9-1.3E.10

Seebug

bulletinFamilyexploit
descriptionApple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a>
idSSV:623
last seen2017-11-19
modified2006-11-29
published2006-11-29
reporterRoot
titleApple Mac OS X 2006-007存在多个安全漏洞

References