Vulnerabilities > CVE-2012-0817 - Information Exposure vulnerability in Samba 3.6.0/3.6.1/3.6.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-109.NASL description - Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986). - Use spdx.org compliant license names for all packages. - Update to 3.6.2. See WHATSNEW.txt from the main tar ball or the samba.changes file for more details. - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). - Use correct license, LGPLv3+ for libwbclient packages. - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). - Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710). - Renaming a symlink fails if the symlink target is outside of the share; (bso#8664). - Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). - net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don last seen 2020-06-05 modified 2014-06-13 plugin id 74545 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74545 title openSUSE Security Update : samba (openSUSE-2012-109) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-109. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74545); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-0817"); script_name(english:"openSUSE Security Update : samba (openSUSE-2012-109)"); script_summary(english:"Check for the openSUSE-2012-109 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986). - Use spdx.org compliant license names for all packages. - Update to 3.6.2. See WHATSNEW.txt from the main tar ball or the samba.changes file for more details. - s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504). - Use correct license, LGPLv3+ for libwbclient packages. - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). - Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504). - Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710). - Renaming a symlink fails if the symlink target is outside of the share; (bso#8664). - Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). - net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op 'streaminfo' stackable; (bso#8419). - Fix incorrect perfcount array length calculations; (bnc#739258). - BuildRequire autoconf to avoid implicit dependency for post-11.4 systems. - Remove call to suse_update_config macro for post-11.4 systems. - Use samba.org for the ldapsmb source location. - Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516). - Add ldap to Should-Start and Stop of the smb init script; (bnc#730046). - Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571). - Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564). - Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145). - Fix typo in net ads join output; (bnc#713135). - Add 'ldapsam:login cache' parameter to allow explicit disabling of the login cache; (bnc#723261). - Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208). - Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721). - Fix printing from Windows 7 clients; (bso#7567); (bnc#687535). - Update pidl and always compile IDL at build time; (bnc#688810). - Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=569721" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=653353" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=681208" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=687535" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=688810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=713135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=723261" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=726145" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=729516" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=730046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=731571" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=739258" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=740810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=742504" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=744614" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldapsmb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-krb-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"ldapsmb-1.34b-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libldb-devel-1.0.2-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libldb1-1.0.2-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libldb1-debuginfo-1.0.2-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libnetapi-devel-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libnetapi0-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libnetapi0-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbclient-devel-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbclient0-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbclient0-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbsharemodes-devel-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbsharemodes0-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libsmbsharemodes0-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtalloc-devel-2.0.5-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtalloc2-2.0.5-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtalloc2-debuginfo-2.0.5-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtdb-devel-1.2.9-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtdb1-1.2.9-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtdb1-debuginfo-1.2.9-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtevent-devel-0.9.11-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtevent0-0.9.11-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libtevent0-debuginfo-0.9.11-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libwbclient-devel-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libwbclient0-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libwbclient0-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-client-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-client-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-debugsource-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-devel-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-krb-printing-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-krb-printing-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-winbind-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"samba-winbind-debuginfo-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libldb1-32bit-1.0.2-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libldb1-debuginfo-32bit-1.0.2-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtalloc2-32bit-2.0.5-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtalloc2-debuginfo-32bit-2.0.5-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtdb1-32bit-1.2.9-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtdb1-debuginfo-32bit-1.2.9-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtevent0-32bit-0.9.11-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libtevent0-debuginfo-32bit-0.9.11-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-client-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-debuginfo-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-34.6.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-3.6.3-34.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ldapsmb / libldb-devel / libldb1 / libldb1-32bit / etc"); }NASL family Misc. NASL id SAMBA_3_6_3.NASL description According to its banner, the version of Samba 3.6.x running on the remote host is earlier than 3.6.3. Errors exist in the files last seen 2020-06-01 modified 2020-06-02 plugin id 57752 published 2012-01-31 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57752 title Samba 3.6.x < 3.6.3 Denial of Service code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(57752); script_version("1.8"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-0817"); script_bugtraq_id(51713); script_name(english:"Samba 3.6.x < 3.6.3 Denial of Service"); script_summary(english:"Checks version of Samba"); script_set_attribute(attribute:"synopsis", value: "The remote Samba server is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its banner, the version of Samba 3.6.x running on the remote host is earlier than 3.6.3. Errors exist in the files 'source3/lib/substitute.c' and 'sources3/smbd/server.c' that leak small amounts of memory when processing every connection attempt. An attacker can continually make connections to the server and cause a denial of service attack against the affected smbd service. Note that Nessus has not actually tried to exploit this issue or otherwise determine if the patch has been applied."); script_set_attribute(attribute:"solution", value: "Either install the patch referenced in the project's advisory or upgrade to 3.6.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2012-0817"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-3.6.3.html"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ed8bb9b"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_kb_item("SMB/transport"); lanman = get_kb_item_or_exit("SMB/NativeLanManager"); if ("Samba " >!< lanman) exit(0, "The SMB service listening on port "+port+" is not running Samba."); if (lanman =~ '^Samba 3(\\.6)?$') exit(1, "The version, "+lanman+", of the SMB service listening on port "+port+" is not granular enough to make a determination."); if ("Samba 3.6" >!< lanman) exit(0, "The SMB service listening on port "+port+" is not running Samba 3.6.x."); version = lanman - 'Samba '; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if (ver[0] == 3 && ver[1] == 6 && ver[2] < 3) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : 3.6.3\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else exit(0, 'The Samba '+version+' install listening on port '+port+' is not affected.');NASL family Fedora Local Security Checks NASL id FEDORA_2012-1098.NASL description This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-09 plugin id 57868 published 2012-02-09 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57868 title Fedora 16 : samba-3.6.3-78.fc16 (2012-1098) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-1098. # include("compat.inc"); if (description) { script_id(57868); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-0817"); script_bugtraq_id(51713); script_xref(name:"FEDORA", value:"2012-1098"); script_name(english:"Fedora 16 : samba-3.6.3-78.fc16 (2012-1098)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is a security release in order to address CVE-2012-0817 (Memory leak/Denial of service). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=785746" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c7172f49" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"samba-3.6.3-78.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }NASL family SuSE Local Security Checks NASL id SUSE_11_LDAPSMB-120415.NASL description The following issues have been fixed in Samba : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182) - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. (CVE-2012-0870) - Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed :. (CVE-2012-0817) - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807);. (bnc#751454) - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);. (bnc#741854) - s3-printing: fix crash in printer_list_set_printer(); (bso#8762);. (bnc#746825) - s3:winbindd fix a return code check; (bso#8406). - s3: Add rmdir operation to streams_depot; (bso#8733). - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738). - s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631);. (bnc#732572) - Remove all precompiled idl output to ensure any pidl changes take effect;. (bnc#757080) last seen 2020-06-05 modified 2012-04-17 plugin id 58767 published 2012-04-17 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58767 title SuSE 11.2 Security Update : Samba (SAT Patch Number 6145) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(58767); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-0817", "CVE-2012-0870", "CVE-2012-1182"); script_name(english:"SuSE 11.2 Security Update : Samba (SAT Patch Number 6145)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The following issues have been fixed in Samba : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182) - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. (CVE-2012-0870) - Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed :. (CVE-2012-0817) - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807);. (bnc#751454) - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);. (bnc#741854) - s3-printing: fix crash in printer_list_set_printer(); (bso#8762);. (bnc#746825) - s3:winbindd fix a return code check; (bso#8406). - s3: Add rmdir operation to streams_depot; (bso#8733). - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738). - s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631);. (bnc#732572) - Remove all precompiled idl output to ensure any pidl changes take effect;. (bnc#757080)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=732572" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=741854" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=743986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=746825" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=747934" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=751454" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752797" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=757080" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0817.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0870.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-1182.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6145."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ldapsmb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-krb-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libldb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libsmbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtalloc2-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtdb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtevent0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libwbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-client-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-doc-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-krb-printing-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-winbind-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-doc-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-krb-printing-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ldapsmb-1.34b-12.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libldb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libsmbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtalloc2-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtdb1-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtevent0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libwbclient0-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-client-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-doc-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-krb-printing-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-winbind-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.22.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.22.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
- http://secunia.com/advisories/47763
- http://secunia.com/advisories/48879
- http://www.samba.org/samba/history/samba-3.6.3.html
- http://www.samba.org/samba/security/CVE-2012-0817