CVE-2010-3069 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_CIFS-MOUNT-100914.NASL
description: A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code. (CVE-2010-3069) Additionally the update also contains fixes for the following non-security issues : - Failed to join ADS Domain. (bnc#567013) - Samba 3.0 / 3.2 doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 50895
published: 2010-12-02
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/50895
title: SuSE 11 / 11.1 Security Update : Samba (SAT Patch Numbers 3099 / 3100)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(50895);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:39");

  script_cve_id("CVE-2010-3069");

  script_name(english:"SuSE 11 / 11.1 Security Update : Samba (SAT Patch Numbers 3099 / 3100)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A buffer overflow in the sid_parse() function of samba could
potentially be exploited by remote attackers to execute arbitrary
code. (CVE-2010-3069)

Additionally the update also contains fixes for the following
non-security issues :

  - Failed to join ADS Domain. (bnc#567013)

  - Samba 3.0 / 3.2 doesn't work with Windows 2008 R2
    (NTLMv2). (bnc#592198)

  - SAMBA - Problem using NTLM authentication with 2008R2.
    (bnc#599873)

  - winbindd crashes in rpcclisettimeout. (bnc#613459)

  - new printers are not seen in samba with registry.
    (bnc#617153)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=567013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=573246"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=583535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=592198"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=599873"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=613459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=617153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=630812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=632055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=632852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=637218"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3069.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Apply SAT patch number 3099 / 3100 as appropriate."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:cifs-mount");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ldapsmb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-krb-printing");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-vscan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"cifs-mount-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libsmbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libtalloc1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libtdb1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libwbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"samba-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"samba-client-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"samba-krb-printing-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"samba-vscan-0.3.6b-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"samba-winbind-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"cifs-mount-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsmbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libsmbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libtalloc1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libtalloc1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libtdb1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libtdb1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libwbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libwbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-client-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-client-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-krb-printing-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-vscan-0.3.6b-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-winbind-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"samba-winbind-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"cifs-mount-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libsmbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libtalloc1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libtdb1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"libwbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"samba-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"samba-client-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"samba-krb-printing-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"samba-winbind-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"cifs-mount-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libsmbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libsmbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtalloc1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtalloc1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtdb1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libtdb1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libwbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"libwbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-client-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-client-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-krb-printing-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-winbind-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"samba-winbind-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"cifs-mount-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"ldapsmb-1.34b-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libsmbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libtalloc1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libtdb1-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libwbclient0-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"samba-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"samba-client-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"samba-krb-printing-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"samba-winbind-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libsmbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libtalloc1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libtdb1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libwbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"samba-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"samba-client-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"samba-winbind-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libsmbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libtalloc1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libtdb1-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libwbclient0-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"samba-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"samba-client-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"samba-winbind-32bit-3.2.7-11.21.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"cifs-mount-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"ldapsmb-1.34b-11.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libsmbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libtalloc1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libtdb1-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"libwbclient0-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"samba-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"samba-client-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"samba-krb-printing-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, reference:"samba-winbind-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libsmbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libtalloc1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libtdb1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"libwbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"samba-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"samba-client-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"samba-winbind-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libsmbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libtalloc1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libtdb1-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"libwbclient0-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"samba-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"samba-client-32bit-3.4.3-1.19.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"samba-winbind-32bit-3.4.3-1.19.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-257-01.NASL description New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49229 published 2010-09-15 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49229 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : samba (SSA:2010-257-01) NASL family SuSE Local Security Checks NASL id SUSE_CIFS-MOUNT-7151.NASL description A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code. (CVE-2010-3069) Additionally the update also contains fixes for the following non-security issues : - Failed to join ADS Domain. (bnc#567013) - Samba 3.0 / 3.2 doesn last seen 2020-06-01 modified 2020-06-02 plugin id 49836 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49836 title SuSE 10 Security Update : Samba (ZYPP Patch Number 7151) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2011-004.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-004 applied. This update contains security- related fixes for the following components : - AirPort - App Store - ColorSync - CoreGraphics - ImageIO - Libsystem - libxslt - MySQL - patch - Samba - servermgrd - subversion last seen 2020-06-01 modified 2020-06-02 plugin id 55415 published 2011-06-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/55415 title Mac OS X Multiple Vulnerabilities (Security Update 2011-004) NASL family SuSE Local Security Checks NASL id SUSE_11_2_CIFS-MOUNT-100915.NASL description A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code (CVE-2010-3069). Additionally the update also contains fixes for the following non-security issues: bnc#573246 - mounted shares via mount.cifs disappear when dhclient renews lease bnc#617153 - new printers are not seen in samba with registry bnc#630812 - net ads join failing due to malformed UPN bnc#632055 - No authentication dialog to access SMB share through Nautilus bnc#632852 - root preexec does not work as expected last seen 2020-06-01 modified 2020-06-02 plugin id 49670 published 2010-09-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49670 title openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0659-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_CIFS-MOUNT-100914.NASL description A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code (CVE-2010-3069). Additionally the update also contains fixes for the following non-security issues: bnc#567013 - Failed to join ADS Domain bnc#592198 - Samba 3.0 / 3.2 doesn last seen 2020-06-01 modified 2020-06-02 plugin id 49667 published 2010-09-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49667 title openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0658-1) NASL family Misc. NASL id SAMBA_3_5_5.NASL description According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.5.5. 
The last seen 2020-06-01 modified 2020-06-02 plugin id 49228 published 2010-09-15 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49228 title Samba 3.x < 3.5.5 / 3.4.9 / 3.3.14 sid_parse Buffer Overflow NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-184.NASL description A vulnerability has been found and corrected in samba : Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share (CVE-2010-3069). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49263 published 2010-09-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49263 title Mandriva Linux Security Advisory : samba (MDVSA-2010:184) NASL family Scientific Linux Local Security Checks NASL id SL_20100914_SAMBA3X_ON_SL5_X.NASL description NOTE: This errata went out 2010-09-15, but this email was not sent. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60856 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60856 title Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0860.NASL description From Red Hat Security Advisory 2010:0860 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) Users of Samba are advised to upgrade to these updated packages, which correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68138 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68138 title Oracle Linux 6 : samba (ELSA-2010-0860) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0860.NASL description Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) Users of Samba are advised to upgrade to these updated packages, which correct this issue. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 50632 published 2010-11-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50632 title RHEL 6 : samba (RHSA-2010:0860) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0697.NASL description Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) For Red Hat Enterprise Linux 4, this update also fixes the following bug : * Previously, the restorecon utility was required during the installation of the samba-common package. 
As a result, attempting to update samba without this utility installed may have failed with the following error : /var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602) Users of Samba are advised to upgrade to these updated packages, which correct these issues. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 49261 published 2010-09-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49261 title CentOS 3 / 4 / 5 : samba (CESA-2010:0697) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0697.NASL description Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) For Red Hat Enterprise Linux 4, this update also fixes the following bug : * Previously, the restorecon utility was required during the installation of the samba-common package. 
As a result, attempting to update samba without this utility installed may have failed with the following error : /var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602) Users of Samba are advised to upgrade to these updated packages, which correct these issues. After installing this update, the smb service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 49232 published 2010-09-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49232 title RHEL 3 / 4 / 5 : samba (RHSA-2010:0697) NASL family Fedora Local Security Checks NASL id FEDORA_2010-14627.NASL description ---------------------------------------------------------------------- ---------- ChangeLog : - Thu Sep 9 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.5-68 - Security Release, fixes CVE-2010-3069 - resolves: #630869 - Thu Aug 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-67 - Put winbind krb5 locator plugin into a separate rpm - resolves: #627181 - Tue Aug 24 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-66 - More fixes for winbind schannel - Thu Aug 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-65 - Fix winbind default domain - related: #618201 - Wed Aug 18 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-64 - Fix offline authentication - resolves: #618201 - Tue Aug 10 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-63 - Fix winbind secure channel (samlogonex) - Wed Jun 23 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-62 - Update to 3.5.4 - Wed May 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.3-61 - Update to 3.5.3 - Make sure nmb and smb initscripts return LSB compliant return codes - Fix winbind over ipv6 Note that Tenable 
Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49247 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49247 title Fedora 13 : samba-3.5.5-68.fc13 (2010-14627) NASL family Solaris Local Security Checks NASL id SOLARIS10_146363-01.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/04/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107590 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107590 title Solaris 10 (sparc) : 146363-01 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0698.NASL description From Red Hat Security Advisory 2010:0698 : Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68101
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68101
title: Oracle Linux 5 : samba3x (ELSA-2010-0698)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_3_LDAPSMB-100915.NASL
description: A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code (CVE-2010-3069). Additionally the update also contains fixes for the following non-security issues :
- bnc#567013 - Failed to join ADS Domain
- bnc#573246 - mounted shares via mount.cifs disappear when dhclient renews lease
- bnc#592198 - Samba 3.0 / 3.2 doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75568
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75568
title: openSUSE Security Update : ldapsmb (openSUSE-SU-2010:0653-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100914_SAMBA_ON_SL3_X.NASL
description: NOTE: This errata went out 2010-09-15, but this email was not sent. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) For Scientific Linux 4, this update also fixes the following bug :
- Previously, the restorecon utility was required during the installation of the samba-common package.
As a result, attempting to update samba without this utility installed may have failed with the following error :
    /var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found
With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602) After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60857
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60857
title: Scientific Linux Security Update : samba on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2109.NASL
description: A vulnerability has been discovered in samba, a SMB/CIFS file, print, and login server for Unix. The sid_parse() function does not correctly check its input lengths when reading a binary representation of a Windows SID (Security ID). This allows a malicious client to send a sid that can overflow the stack variable that is being used to store the SID in the Samba smbd server. (CVE-2010-3069)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49275
published: 2010-09-20
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/49275
title: Debian DSA-2109-1 : samba - buffer overflow

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2010-0019.NASL
description:
a. Service Console update for samba
The service console package samba is updated to version 3.0.9-1.3E.18. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue.
b. Service Console update for bzip2
The service console package bzip2 is updated to version 1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX 4.x.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.
c. Service Console update for OpenSSL
The service console package openssl is updated to version 0.9.7a-33.26. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 51077
published: 2010-12-08
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/51077
title: VMSA-2010-0019 : VMware ESX third-party updates for Service Console

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_10_6_7.NASL
description: The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products :
- AirPort
- Apache
- AppleScript
- ATS
- bzip2
- CarbonCore
- ClamAV
- CoreText
- File Quarantine
- HFS
- ImageIO
- Image RAW
- Installer
- Kerberos
- Kernel
- Libinfo
- libxml
- Mailman
- PHP
- QuickLook
- QuickTime
- Ruby
- Samba
- Subversion
- Terminal
- X11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 52754
published: 2011-03-22
reporter: This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/52754
title: Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201206-22.NASL
description: The remote host is affected by the vulnerability described in GLSA-201206-22 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, take ownership of shared files, or bypass file permissions.
Furthermore, a local attacker may be able to cause a Denial of Service condition or obtain sensitive information in a Samba credentials file.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59675
published: 2012-06-25
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59675
title: GLSA-201206-22 : Samba: Multiple vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-3120.NASL
description:
- Tue Mar 8 2011 Guenther Deschner <gdeschner at redhat.com> - 3.5.8-74
  - Update to 3.5.8
  - resolves: #617482
- Thu Mar 3 2011 Guenther Deschner <gdeschner at redhat.com> - 3.5.7-73
  - Security update to 3.5.7 to address CVE-2011-0719
  - resolves: #681852
- Thu Jan 6 2011 Guenther Deschner <gdeschner at redhat.com> - 3.5.6-72
  - Fix GSSAPI checksum for some SMB servers
  - resolves: #667644
- Thu Nov 18 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.6-71
  - Fix libsmbclient SMB signing
  - resolves: #598620
- Mon Nov 1 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.6-70
  - Handle no network case in init scripts
  - resolves: #604147
- Fri Oct 8 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.6-69
  - Update to 3.5.6
  - resolves: #617771
- Thu Sep 9 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.5-68
  - Security Release, fixes CVE-2010-3069
  - resolves: #630869
- Thu Aug 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-67
  - Put winbind krb5 locator plugin into a separate rpm
  - resolves: #627181
- Tue Aug 24 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-66
  - More fixes for winbind schannel
- Thu Aug 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-65
  - Fix winbind default domain
  - related: #618201
- Wed Aug 18 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-64
  - Fix offline authentication
  - resolves: #618201
- Tue Aug 10 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-63
  - Fix winbind secure channel (samlogonex)
- Wed Jun 23 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.4-62
  - Update to 3.5.4
- Wed May 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.5.3-61
  - Update to 3.5.3
  - Make sure nmb and smb initscripts return LSB compliant return codes
  - Fix winbind over ipv6
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 52723
published: 2011-03-21
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/52723
title: Fedora 13 : samba-3.5.8-74.fc13 (2011-3120)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2010-0698.NASL
description: Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49233
published: 2010-09-15
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/49233
title: RHEL 5 : samba3x (RHSA-2010:0698)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2010-0697.NASL
description: From Red Hat Security Advisory 2010:0697 : Updated samba packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.3, and 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) For Red Hat Enterprise Linux 4, this update also fixes the following bug :
* Previously, the restorecon utility was required during the installation of the samba-common package. As a result, attempting to update samba without this utility installed may have failed with the following error :
    /var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found
With this update, the utility is only used when it is already present on the system, and the package is now always updated as expected. (BZ#629602) Users of Samba are advised to upgrade to these updated packages, which correct these issues. After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68100
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68100
title: Oracle Linux 3 / 4 / 5 : samba (ELSA-2010-0697)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12644.NASL
description: A buffer overflow in the sid_parse() function of samba could potentially be exploited by remote attackers to execute arbitrary code. (CVE-2010-3069) Additionally the update also contains fixes for the following non-security issues :
- bnc#567013 - Failed to join ADS Domain
- bnc#592198 - Samba 3.0 / 3.2 doesn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49759
published: 2010-10-06
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49759
title: SuSE9 Security Update : Samba (YOU Patch Number 12644)

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2010-0019_REMOTE.NASL
description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries :
- bzip2
- Network Security Services (NSS) Library
- OpenSSL
- Samba
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89745
published: 2016-03-08
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/89745
title: VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-14678.NASL
description:
- Thu Sep 9 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.9-60
  - Security Release, fixes CVE-2010-3069
  - resolves: #630869
- Wed May 12 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.8-59
  - Update to 3.4.8
  - Make sure nmb and smb initscripts return LSB compliant return codes
  - resolves: #521095
- Mon Mar 8 2010 Simo Sorce <ssorce at redhat.com> - 3.4.7-58
  - Security update to 3.4.7
  - Fixes CVE-2010-0728
- Wed Feb 24 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.6-57
  - Update to 3.4.6
- Wed Feb 17 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-56
  - Fix crash in cifs.upcall
  - resolves: #565446
- Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-55
  - Security Release, fixes CVE-2009-3297
  - resolves: #532940
- Tue Jan 26 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-54
  - Fix crash in pdbedit
  - resolves: #541267
- Tue Jan 19 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.5-53
  - Update to 3.4.5
- Thu Jan 14 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-52
  - Fix crash bug in libsmbclient (SMBC_parse_path)
  - resolves: #552658
- Thu Jan 7 2010 Guenther Deschner <gdeschner at redhat.com> - 3.4.4-51
  - Update to 3.4.4
- Tue Dec 1 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-50
  - Fix uninitialized rpc client pipe, causing winbind to crash
  - resolves: #541328
- Wed Nov 25 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-49
  - Various updates to inline documentation in default smb.conf file
  - resolves: #483703
- Thu Oct 29 2009 Guenther Deschner <gdeschner at redhat.com> - 3.4.3-48
  - Update to 3.4.3
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49248
published: 2010-09-16
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/49248
title: Fedora 12 : samba-3.4.9-60.fc12 (2010-14678)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-987-1.NASL
description: Andrew Bartlett discovered that Samba did not correctly validate the length when parsing SIDs. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code with the privileges of the Samba service (smbd). The default compiler options for Ubuntu 8.04 LTS and newer should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49236
published: 2010-09-15
reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/49236
title: Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : samba vulnerability (USN-987-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-14768.NASL
description: Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49249
published: 2010-09-16
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49249
title: Fedora 14 : samba-3.5.5-68.fc14 (2010-14768)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_146364-01.NASL
description: SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Jan/04/11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108085
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108085
title: Solaris 10 (x86) : 146364-01

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20101110_SAMBA_ON_SL6_X.NASL
description: A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60897
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60897
title: Scientific Linux Security Update : samba on SL6.x i386/x86_64

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2010-0698.NASL
description: Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers (SIDs). A malicious client could send a specially crafted SMB request to the Samba server, resulting in arbitrary code execution with the privileges of the Samba server (smbd). (CVE-2010-3069) Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49262
published: 2010-09-17
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/49262
title: CentOS 5 : samba3x (CESA-2010:0698)
References
- http://www.vupen.com/english/advisories/2010/2378
- http://secunia.com/advisories/41354
- http://www.securityfocus.com/bid/43212
- http://us1.samba.org/samba/security/CVE-2010-3069.html
- http://www.securitytracker.com/id?1024434
- http://us1.samba.org/samba/history/samba-3.5.5.html
- http://secunia.com/advisories/41447
- http://www.ubuntu.com/usn/USN-987-1
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html
- http://www.redhat.com/support/errata/RHSA-2010-0860.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://secunia.com/advisories/42531
- http://www.vupen.com/english/advisories/2010/3126
- http://www.vmware.com/security/advisories/VMSA-2010-0019.html
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://www.vupen.com/english/advisories/2011/0091
- http://secunia.com/advisories/42885
- http://support.apple.com/kb/HT4581
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://support.apple.com/kb/HT4723
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://marc.info/?l=bugtraq&m=130835366526620&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61773
- http://www.securityfocus.com/archive/1/515055/100/0/threaded