Vulnerabilities > CVE-2012-1182 - Numeric Errors vulnerability in Samba

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

samba

CWE-189

critical

nessus

exploit available

metasploit

NVD

Published: 2012-04-10

Updated: 2018-10-30

Summary

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 3.0.0 Samba Samba 3.0.1 Samba Samba 3.0.2 Samba Samba 3.0.2A Samba Samba 3.0.3 Samba Samba 3.0.4 Samba Samba 3.0.5 Samba Samba 3.0.6 Samba Samba 3.0.7 Samba Samba 3.0.8 Samba Samba 3.0.9 Samba Samba 3.0.10 Samba Samba 3.0.11 Samba Samba 3.0.12 Samba Samba 3.0.13 Samba Samba 3.0.14 Samba Samba 3.0.14A Samba Samba 3.0.15 Samba Samba 3.0.16 Samba Samba 3.0.17 Samba Samba 3.0.18 Samba Samba 3.0.19 Samba Samba 3.0.20 Samba Samba 3.0.20A Samba Samba 3.0.20B Samba Samba 3.0.21 Samba Samba 3.0.21A Samba Samba 3.0.21B Samba Samba 3.0.21C Samba Samba 3.0.22 Samba Samba 3.0.23 Samba Samba 3.0.23A Samba Samba 3.0.23B Samba Samba 3.0.23C Samba Samba 3.0.23D Samba Samba 3.0.24 Samba Samba 3.0.25 Samba Samba 3.0.25A Samba Samba 3.0.25B Samba Samba 3.0.25C Samba Samba 3.0.26 Samba Samba 3.0.26A Samba Samba 3.0.27 Samba Samba 3.0.28 Samba Samba 3.0.29 Samba Samba 3.0.30 Samba Samba 3.0.31 Samba Samba 3.0.32 Samba Samba 3.0.33 Samba Samba 3.0.34 Samba Samba 3.0.35 Samba Samba 3.0.36 Samba Samba 3.0.37 Samba Samba 3.1.0 Samba Samba 3.2.0 Samba Samba 3.2.1 Samba Samba 3.2.2 Samba Samba 3.2.3 Samba Samba 3.2.4 Samba Samba 3.2.5 Samba Samba 3.2.6 Samba Samba 3.2.7 Samba Samba 3.2.8 Samba Samba 3.2.9 Samba Samba 3.2.10 Samba Samba 3.2.11 Samba Samba 3.2.12 Samba Samba 3.2.13 Samba Samba 3.2.14 Samba Samba 3.2.15 Samba Samba 3.3.0 Samba Samba 3.3.1 Samba Samba 3.3.2 Samba Samba 3.3.3 Samba Samba 3.3.4 Samba Samba 3.3.5 Samba Samba 3.3.6 Samba Samba 3.3.7 Samba Samba 3.3.8 Samba Samba 3.3.9 Samba Samba 3.3.10 Samba Samba 3.3.11 Samba Samba 3.3.12 Samba Samba 3.3.13 Samba Samba 3.3.14 Samba Samba 3.3.15 Samba Samba 3.3.16 Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.2 Samba Samba 3.4.3 Samba Samba 3.4.4 Samba Samba 3.4.5 Samba Samba 3.4.6 Samba Samba 3.4.7 Samba Samba 3.4.8 Samba Samba 3.4.9 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba Samba 3.4.12 Samba Samba 3.4.13 Samba Samba 3.4.14 Samba Samba - Samba Samba 1.9.17 Samba Samba 1.9.18 Samba Samba 2.0 Samba Samba 2.0.0 Samba Samba 2.0.1 Samba Samba 2.0.2 Samba Samba 2.0.3 Samba Samba 2.0.4 Samba Samba 2.0.5 Samba Samba 2.0.5A Samba Samba 2.0.6 Samba Samba 2.0.7 Samba Samba 2.0.8 Samba Samba 2.0.9 Samba Samba 2.0.10 Samba Samba 2.2 Samba Samba 2.2.0 Samba Samba 2.2.0A Samba Samba 2.2.1 Samba Samba 2.2.1A Samba Samba 2.2.2 Samba Samba 2.2.3 Samba Samba 2.2.3A Samba Samba 2.2.4 Samba Samba 2.2.5 Samba Samba 2.2.6 Samba Samba 2.2.7 Samba Samba 2.2.7A Samba Samba 2.2.8 Samba Samba 2.2.8A Samba Samba 2.2.9 Samba Samba 2.2.10 Samba Samba 2.2.11 Samba Samba 2.2.12 Samba Samba 2.2A Samba Samba 2.18.3 Samba Samba 3.0 Samba Samba 3.1 Samba Samba 3.4.15 Samba Samba 3.5.0 Samba Samba 3.5.1 Samba Samba 3.5.2 Samba Samba 3.5.3 Samba Samba 3.5.4 Samba Samba 3.5.5 Samba Samba 3.5.6 Samba Samba 3.5.7 Samba Samba 3.5.8 Samba Samba 3.5.9 Samba Samba 3.5.10 Samba Samba 3.5.11 Samba Samba 3.5.12 Samba Samba 3.5.13 Samba Samba 3.6.0 Samba Samba 3.6.1 Samba Samba 3.6.2 Samba Samba 3.6.3	203

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Exploit-Db

description	Samba SetInformationPolicy AuditEventsInfo Heap Overflow. CVE-2012-1182. Remote exploit for linux platform
id	EDB-ID:21850
last seen	2016-02-02
modified	2012-10-10
published	2012-10-10
reporter	metasploit
source	https://www.exploit-db.com/download/21850/
title	Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Metasploit

description	This module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the stackpivot/rop chain or the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.
id	MSF:EXPLOIT/LINUX/SAMBA/SETINFOPOLICY_HEAP
last seen	2020-05-01
modified	2017-07-24
published	2012-09-27
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/samba/setinfopolicy_heap.rb
title	Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-224.NASL
description	Samba upgrade to version 3.6.3 fixes the following security issue : - PIDL based autogenerated code allows overwriting beyond of allocated array. Remove attackers could exploit that to execute arbitrary code as root (CVE-2012-1182, bso#8815, bnc#752797) Please see /usr/share/doc/packages/samba/WHATSNEW.txt from the samba-doc package or the package change log (rpm -q --changelog samba) for more details of the version update.
last seen	2020-06-05
modified	2014-06-13
plugin id	74601
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74601
title	openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-224. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74601); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-1182"); script_name(english:"openSUSE Security Update : samba (openSUSE-SU-2012:0508-1)"); script_summary(english:"Check for the openSUSE-2012-224 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Samba upgrade to version 3.6.3 fixes the following security issue : - PIDL based autogenerated code allows overwriting beyond of allocated array. Remove attackers could exploit that to execute arbitrary code as root (CVE-2012-1182, bso#8815, bnc#752797) Please see /usr/share/doc/packages/samba/WHATSNEW.txt from the samba-doc package or the package change log (rpm -q --changelog samba) for more details of the version update." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=752797" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-04/msg00036.html" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldapsmb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldb1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtalloc2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtdb1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-krb-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-krb-printing-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.4", reference:"ldapsmb-1.34b-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libldb-devel-1.0.2-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libldb1-1.0.2-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libldb1-debuginfo-1.0.2-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libnetapi-devel-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libnetapi0-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libnetapi0-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbclient-devel-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbclient0-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbclient0-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbsharemodes-devel-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbsharemodes0-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libsmbsharemodes0-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtalloc-devel-2.0.5-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtalloc2-2.0.5-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtalloc2-debuginfo-2.0.5-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtdb-devel-1.2.9-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtdb1-1.2.9-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtdb1-debuginfo-1.2.9-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtevent-devel-0.9.11-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtevent0-0.9.11-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libtevent0-debuginfo-0.9.11-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libwbclient-devel-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libwbclient0-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"libwbclient0-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-client-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-client-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-debugsource-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-devel-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-krb-printing-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-krb-printing-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-winbind-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", reference:"samba-winbind-debuginfo-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libldb1-32bit-1.0.2-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libldb1-debuginfo-32bit-1.0.2-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtalloc2-32bit-2.0.5-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtalloc2-debuginfo-32bit-2.0.5-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtdb1-32bit-1.2.9-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtdb1-debuginfo-32bit-1.2.9-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtevent0-32bit-0.9.11-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libtevent0-debuginfo-32bit-0.9.11-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-client-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-debuginfo-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-112.1") ) flag++; if ( rpm_check(release:"SUSE11.4", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-3.6.3-112.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ldapsmb / libldb-devel / libldb1 / libldb1-32bit / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-5843.NASL
description	Fixes CVE-2010-1182. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-04-16
plugin id	58755
published	2012-04-16
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58755
title	Fedora 16 : samba-3.6.4-82.fc16 (2012-5843)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-5843. # include("compat.inc"); if (description) { script_id(58755); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1182"); script_xref(name:"FEDORA", value:"2012-5843"); script_name(english:"Fedora 16 : samba-3.6.4-82.fc16 (2012-5843)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixes CVE-2010-1182. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=811392" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?78503d7f" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"samba-3.6.4-82.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_BAF37CD2835111E1894E00215C6A37BB.NASL
description	Samba development team reports : Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the
last seen	2020-06-01
modified	2020-06-02
plugin id	58671
published	2012-04-11
reporter	This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58671
title	FreeBSD : samba -- 'root' credential remote code execution (baf37cd2-8351-11e1-894e-00215c6a37bb)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(58671); script_version("1.9"); script_cvs_date("Date: 2018/11/10 11:49:43"); script_cve_id("CVE-2012-1182"); script_name(english:"FreeBSD : samba -- 'root' credential remote code execution (baf37cd2-8351-11e1-894e-00215c6a37bb)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Samba development team reports : Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the 'root' user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately." ); # https://vuxml.freebsd.org/freebsd/baf37cd2-8351-11e1-894e-00215c6a37bb.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?42d55cea" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba34"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba35"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba36"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba34>3.4.<3.4.16")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba35>3.5.<3.5.14")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba36>3.6.*<3.6.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120410_SAMBA_ON_SL5_X.NASL
description	Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-03-18
modified	2012-08-01
plugin id	61298
published	2012-08-01
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61298
title	Scientific Linux Security Update : samba on SL5.x, SL6.x i386/x86_64 (20120410)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61298); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1182"); script_name(english:"Scientific Linux Security Update : samba on SL5.x, SL6.x i386/x86_64 (20120410)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially crafted RPC request that would cause the Samba daemon (smbd) to crash or, possibly, execute arbitrary code with the privileges of the root user. (CVE-2012-1182) Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the smb service will be restarted automatically." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1204&L=scientific-linux-errata&T=0&P=972 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?391e04eb" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba SetInformationPolicy AuditEventsInfo Heap Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"libsmbclient-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"libsmbclient-devel-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"samba-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"samba-client-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"samba-common-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"samba-debuginfo-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL5", reference:"samba-swat-3.0.33-3.39.el5_8")) flag++; if (rpm_check(release:"SL6", reference:"libsmbclient-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"libsmbclient-devel-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-client-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-common-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-debuginfo-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-doc-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-domainjoin-gui-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-swat-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-clients-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-devel-3.5.10-115.el6_2")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-krb5-locator-3.5.10-115.el6_2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); }

NASL family	Misc.
NASL id	SAMBA_RPC_MULTIPLE_BUFFER_OVERFLOWS.NASL
description	According to its banner, the version of Samba 3.x running on the remote host is earlier than 3.6.4 / 3.5.14 / 3.4.16. It is, therefore, affected by multiple heap-based buffer overflow vulnerabilities. An error in the DCE/RPC IDL (PIDL) compiler causes the RPC handling code it generates to contain multiple heap-based buffer overflow vulnerabilities. This generated code can allow a remote, unauthenticated attacker to use malicious RPC calls to crash the application and possibly execute arbitrary code as the root user. Note that Nessus has not actually tried to exploit this issue or otherwise determine if one of the associated patches has been applied.
last seen	2020-06-01
modified	2020-06-02
plugin id	58662
published	2012-04-11
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58662
title	Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0506.NASL
description	Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	65141
published	2013-03-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65141
title	CentOS 6 : samba4 (CESA-2013:0506)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0515.NASL
description	Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	64763
published	2013-02-21
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64763
title	RHEL 6 : openchange (RHSA-2013:0515)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2012-223.NASL
description	- Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the
last seen	2020-06-05
modified	2014-06-13
plugin id	74600
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/74600
title	openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_CIFS-MOUNT-120411.NASL
description	A remote code execution flaw in Samba has been fixed : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182) Also the following bugs have been fixed : - Samba printer name marshalling problems. (bnc#722663) - mount.cifs: properly update mtab during remount. (bnc#747906) - s3: compile IDL files in autogen, some configure tests need this. - Fix incorrect types in the full audit VFS module. Add null terminators to audit log enums. (bnc#742885) - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631);. (bnc#732572)
last seen	2020-06-05
modified	2012-04-16
plugin id	58764
published	2012-04-16
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58764
title	SuSE 11.1 Security Update : Samba (SAT Patch Number 6124)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0515.NASL
description	Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	65147
published	2013-03-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65147
title	CentOS 6 : evolution-mapi / openchange (CESA-2013:0515)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2012-055.NASL
description	A vulnerability has been found and corrected in samba : The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call (CVE-2012-1182). The updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	58716
published	2012-04-12
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58716
title	Mandriva Linux Security Advisory : samba (MDVSA-2012:055)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130221_OPENCHANGE_ON_SL6_X.NASL
description	A flaw was found in the Samba suite
last seen	2020-03-18
modified	2013-03-05
plugin id	65013
published	2013-03-05
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65013
title	Scientific Linux Security Update : openchange on SL6.x i386/x86_64 (20130221)

NASL family	SuSE Local Security Checks
NASL id	SUSE_CIFS-MOUNT-8058.NASL
description	A remote code execution flaw in Samba has been fixed : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182)
last seen	2020-06-05
modified	2012-04-16
plugin id	58765
published	2012-04-16
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58765
title	SuSE 10 Security Update : Samba (ZYPP Patch Number 8058)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0506.NASL
description	From Red Hat Security Advisory 2013:0506 : Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	68746
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68746
title	Oracle Linux 6 : samba4 (ELSA-2013-0506)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-5805.NASL
description	Fix for CVE-2012-1182. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-04-23
plugin id	58823
published	2012-04-23
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58823
title	Fedora 15 : samba-3.5.14-73.fc15.1 (2012-5805)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-0466.NASL
description	From Red Hat Security Advisory 2012:0466 : Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	68507
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68507
title	Oracle Linux 5 : samba3x (ELSA-2012-0466)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130221_SAMBA4_ON_SL6_X.NASL
description	A flaw was found in the Samba suite
last seen	2020-03-18
modified	2013-03-05
plugin id	65015
published	2013-03-05
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65015
title	Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20130221)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-0478.NASL
description	Description of changes: [3.0.33-3.36.el4] - Security Release, fixes CVE-2012-1182 - resolves: #812010
last seen	2020-06-01
modified	2020-06-02
plugin id	68512
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68512
title	Oracle Linux 4 : samba (ELSA-2012-0478)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201206-22.NASL
description	The remote host is affected by the vulnerability described in GLSA-201206-22 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, take ownership of shared files, or bypass file permissions. Furthermore, a local attacker may be able to cause a Denial of Service condition or obtain sensitive information in a Samba credentials file. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	59675
published	2012-06-25
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59675
title	GLSA-201206-22 : Samba: Multiple vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-0466.NASL
description	Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	58664
published	2012-04-11
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58664
title	CentOS 5 : samba3x (CESA-2012:0466)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0465.NASL
description	Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-04-16
modified	2012-04-11
plugin id	58672
published	2012-04-11
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58672
title	RHEL 5 / 6 : samba (RHSA-2012:0465)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-6382.NASL
description	This update fixes CVE-2012-1182. Rebuilt to run with pytalloc 2.0.6 New samba4 alpha release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-05-16
plugin id	59098
published	2012-05-16
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/59098
title	Fedora 16 : samba4-4.0.0-38.alpha16.fc16 (2012-6382)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-1423-1.NASL
description	Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user. (CVE-2012-1182). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	58743
published	2012-04-13
reporter	Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58743
title	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2012-002.NASL
description	The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-002 applied. This update contains multiple security-related fixes for the following components : - curl - Directory Service - ImageIO - libarchive - libsecurity - libxml - Quartz Composer - QuickTime - Ruby - Samba - Security Framework
last seen	2020-06-01
modified	2020-06-02
plugin id	59067
published	2012-05-10
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/59067
title	Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0515.NASL
description	From Red Hat Security Advisory 2013:0515 : Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	68752
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68752
title	Oracle Linux 6 : openchange (ELSA-2013-0515)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_LDAPSMB-120415.NASL
description	The following issues have been fixed in Samba : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. (CVE-2012-1182) - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. (CVE-2012-0870) - Fix memory leak in parent smbd on connection Also the following non-security bugs have been fixed :. (CVE-2012-0817) - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). - s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784). - Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807);. (bnc#751454) - Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760);. (bnc#741854) - s3-printing: fix crash in printer_list_set_printer(); (bso#8762);. (bnc#746825) - s3:winbindd fix a return code check; (bso#8406). - s3: Add rmdir operation to streams_depot; (bso#8733). - s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738). - s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739). - Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631);. (bnc#732572) - Remove all precompiled idl output to ensure any pidl changes take effect;. (bnc#757080)
last seen	2020-06-05
modified	2012-04-17
plugin id	58767
published	2012-04-17
reporter	This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/58767
title	SuSE 11.2 Security Update : Samba (SAT Patch Number 6145)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2012-0465.NASL
description	Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	58663
published	2012-04-11
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58663
title	CentOS 5 / 6 : samba (CESA-2012:0465)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2012-0466.NASL
description	Updated samba3x packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-04-16
modified	2012-04-11
plugin id	58673
published	2012-04-11
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58673
title	RHEL 5 : samba3x (RHSA-2012:0466)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-6349.NASL
description	This update fixes CVE-2012-1182. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-05-04
plugin id	58980
published	2012-05-04
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58980
title	Fedora 15 : samba4-4.0.0-26.alpha11.fc15.6 (2012-6349)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2450.NASL
description	It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
last seen	2020-03-17
modified	2012-04-13
plugin id	58729
published	2012-04-13
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58729
title	Debian DSA-2450-1 : samba - privilege escalation

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0506.NASL
description	Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	64757
published	2013-02-21
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64757
title	RHEL 6 : samba4 (RHSA-2013:0506)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20120410_SAMBA3X_ON_SL5_X.NASL
description	Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-03-18
modified	2012-08-01
plugin id	61297
published	2012-08-01
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61297
title	Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20120410)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-5793.NASL
description	Fixes CVE-2010-1182. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2012-04-19
plugin id	58789
published	2012-04-19
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58789
title	Fedora 17 : samba-3.6.4-82.fc17.1 (2012-5793)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_SAMBA_20121016.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. (CVE-2012-1182)
last seen	2020-06-01
modified	2020-06-02
plugin id	80762
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80762
title	Oracle Solaris Third-Party Patch Update : samba (cve_2012_1182_arbitrary_code)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2012-0465.NASL
description	From Red Hat Security Advisory 2012:0465 : Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite
last seen	2020-06-01
modified	2020-06-02
plugin id	68506
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68506
title	Oracle Linux 5 / 6 : samba (ELSA-2012-0465)

Packetstorm

data source	https://packetstormsecurity.com/files/download/116843/samba3-exec.txt
id	PACKETSTORM:116843
last seen	2016-12-05
published	2012-09-25
reporter	kd
source	https://packetstormsecurity.com/files/116843/Samba-3.x-Remote-Root.html
title	Samba 3.x Remote Root

data source	https://packetstormsecurity.com/files/download/116953/setinfopolicy_heap.rb.txt
id	PACKETSTORM:116953
last seen	2016-12-05
published	2012-09-28
reporter	unknown
source	https://packetstormsecurity.com/files/116953/Samba-SetInformationPolicy-AuditEventsInfo-Heap-Overflow.html
title	Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Redhat

advisories

bugzilla

id	804093
title	CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment samba-client is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465001
comment samba-client is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070061002
AND
comment samba-common is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465003
comment samba-common is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070061004
AND
comment libsmbclient is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465005
comment libsmbclient is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100488021
AND
comment samba is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465007
comment samba is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070061006
AND
comment samba-swat is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465009
comment samba-swat is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070061008

AND

comment libsmbclient-devel is earlier than 0:3.0.33-3.39.el5_8
oval oval:com.redhat.rhsa:tst:20120465011
comment libsmbclient-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20100488011

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment samba-swat is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465014
comment samba-swat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860010

AND

comment samba-winbind-devel is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465016
comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860014

AND

comment samba-domainjoin-gui is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465018
comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860002

AND
comment samba-doc is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465020
comment samba-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860008

AND

comment samba-winbind-krb5-locator is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465022
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258004

AND

comment libsmbclient-devel is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465024
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034

AND

comment samba-winbind-clients is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465026
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND
comment samba-client is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465028
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014
AND
comment libsmbclient is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465030
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012
AND
comment samba-common is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465032
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006
AND
comment samba-winbind is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465034
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010
AND
comment samba is earlier than 0:3.5.10-115.el6_2
oval oval:com.redhat.rhsa:tst:20120465036
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022

rhsa

id	RHSA-2012:0465
released	2012-04-10
severity	Critical
title	RHSA-2012:0465: samba security update (Critical)

bugzilla

id	804093
title	CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment samba3x-domainjoin-gui is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466001
comment samba3x-domainjoin-gui is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054010

AND

comment samba3x-winbind is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466003
comment samba3x-winbind is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054014

AND
comment samba3x is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466005
comment samba3x is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054004
AND
comment samba3x-swat is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466007
comment samba3x-swat is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054008

AND

comment samba3x-common is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466009
comment samba3x-common is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054002

AND

comment samba3x-client is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466011
comment samba3x-client is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054006

AND
comment samba3x-doc is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466013
comment samba3x-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054012

AND

comment samba3x-winbind-devel is earlier than 0:3.5.10-0.108.el5_8
oval oval:com.redhat.rhsa:tst:20120466015
comment samba3x-winbind-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20110054016

rhsa

id	RHSA-2012:0466
released	2012-04-10
severity	Critical
title	RHSA-2012:0466: samba3x security update (Critical)

bugzilla

id	895718
title	Incomplete rpm provides filters causes issues with the samba4-libs package on certain architectures

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment samba4-client is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506001
comment samba4-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506002

AND

comment samba4-dc-libs is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506003
comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506004

AND
comment samba4 is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506005
comment samba4 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506006
AND
comment samba4-pidl is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506007
comment samba4-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506008
AND
comment samba4-swat is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506009
comment samba4-swat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506010
AND
comment samba4-test is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506011
comment samba4-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506012
AND
comment samba4-libs is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506013
comment samba4-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506014
AND
comment samba4-dc is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506015
comment samba4-dc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506016

AND

comment samba4-winbind-krb5-locator is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506017
comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506018

AND
comment samba4-devel is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506019
comment samba4-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506020

AND

comment samba4-winbind-clients is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506021
comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506022

AND
comment samba4-python is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506023
comment samba4-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506024

AND

comment samba4-winbind is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506025
comment samba4-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506026

AND
comment samba4-common is earlier than 0:4.0.0-55.el6.rc4
oval oval:com.redhat.rhsa:tst:20130506027
comment samba4-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506028

rhsa

id	RHSA-2013:0506
released	2013-02-20
severity	Moderate
title	RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)

bugzilla

id	903241
title	Double-free on message copy/move

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment openchange-devel-docs is earlier than 0:1.0-4.el6
oval oval:com.redhat.rhsa:tst:20130515001
comment openchange-devel-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206004

AND

comment openchange-client is earlier than 0:1.0-4.el6
oval oval:com.redhat.rhsa:tst:20130515003
comment openchange-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206008

AND
comment openchange-devel is earlier than 0:1.0-4.el6
oval oval:com.redhat.rhsa:tst:20130515005
comment openchange-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206006
AND
comment openchange is earlier than 0:1.0-4.el6
oval oval:com.redhat.rhsa:tst:20130515007
comment openchange is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206002

AND

comment evolution-mapi-devel is earlier than 0:0.28.3-12.el6
oval oval:com.redhat.rhsa:tst:20130515009
comment evolution-mapi-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206014

AND
comment evolution-mapi is earlier than 0:0.28.3-12.el6
oval oval:com.redhat.rhsa:tst:20130515011
comment evolution-mapi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20162206012

rhsa

id	RHSA-2013:0515
released	2013-02-20
severity	Moderate
title	RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)

rpms

libsmbclient-0:3.0.33-3.29.el5_6.5
libsmbclient-0:3.0.33-3.39.el5_8
libsmbclient-0:3.5.10-115.el6_2
libsmbclient-0:3.5.4-68.el6_0.3
libsmbclient-0:3.5.6-86.el6_1.5
libsmbclient-devel-0:3.0.33-3.29.el5_6.5
libsmbclient-devel-0:3.0.33-3.39.el5_8
libsmbclient-devel-0:3.5.10-115.el6_2
libsmbclient-devel-0:3.5.4-68.el6_0.3
libsmbclient-devel-0:3.5.6-86.el6_1.5
samba-0:3.0.33-3.29.el5_6.5
samba-0:3.0.33-3.39.el5_8
samba-0:3.0.33-3.7.el5_3.5
samba-0:3.5.10-115.el6_2
samba-0:3.5.4-68.el6_0.3
samba-0:3.5.6-86.el6_1.5
samba-client-0:3.0.33-3.29.el5_6.5
samba-client-0:3.0.33-3.39.el5_8
samba-client-0:3.0.33-3.7.el5_3.5
samba-client-0:3.5.10-115.el6_2
samba-client-0:3.5.4-68.el6_0.3
samba-client-0:3.5.6-86.el6_1.5
samba-common-0:3.0.33-3.29.el5_6.5
samba-common-0:3.0.33-3.39.el5_8
samba-common-0:3.0.33-3.7.el5_3.5
samba-common-0:3.5.10-115.el6_2
samba-common-0:3.5.4-68.el6_0.3
samba-common-0:3.5.6-86.el6_1.5
samba-debuginfo-0:3.0.33-3.29.el5_6.5
samba-debuginfo-0:3.0.33-3.39.el5_8
samba-debuginfo-0:3.0.33-3.7.el5_3.5
samba-debuginfo-0:3.5.10-115.el6_2
samba-debuginfo-0:3.5.4-68.el6_0.3
samba-debuginfo-0:3.5.6-86.el6_1.5
samba-doc-0:3.5.10-115.el6_2
samba-doc-0:3.5.4-68.el6_0.3
samba-doc-0:3.5.6-86.el6_1.5
samba-domainjoin-gui-0:3.5.10-115.el6_2
samba-domainjoin-gui-0:3.5.4-68.el6_0.3
samba-domainjoin-gui-0:3.5.6-86.el6_1.5
samba-swat-0:3.0.33-3.29.el5_6.5
samba-swat-0:3.0.33-3.39.el5_8
samba-swat-0:3.0.33-3.7.el5_3.5
samba-swat-0:3.5.10-115.el6_2
samba-swat-0:3.5.4-68.el6_0.3
samba-swat-0:3.5.6-86.el6_1.5
samba-winbind-0:3.5.10-115.el6_2
samba-winbind-0:3.5.4-68.el6_0.3
samba-winbind-0:3.5.6-86.el6_1.5
samba-winbind-clients-0:3.5.10-115.el6_2
samba-winbind-clients-0:3.5.4-68.el6_0.3
samba-winbind-clients-0:3.5.6-86.el6_1.5
samba-winbind-devel-0:3.5.10-115.el6_2
samba-winbind-devel-0:3.5.4-68.el6_0.3
samba-winbind-devel-0:3.5.6-86.el6_1.5
samba-winbind-krb5-locator-0:3.5.10-115.el6_2
samba-winbind-krb5-locator-0:3.5.6-86.el6_1.5
samba3x-0:3.5.10-0.108.el5_8
samba3x-0:3.5.4-0.70.el5_6.2
samba3x-client-0:3.5.10-0.108.el5_8
samba3x-client-0:3.5.4-0.70.el5_6.2
samba3x-common-0:3.5.10-0.108.el5_8
samba3x-common-0:3.5.4-0.70.el5_6.2
samba3x-debuginfo-0:3.5.10-0.108.el5_8
samba3x-debuginfo-0:3.5.4-0.70.el5_6.2
samba3x-doc-0:3.5.10-0.108.el5_8
samba3x-doc-0:3.5.4-0.70.el5_6.2
samba3x-domainjoin-gui-0:3.5.10-0.108.el5_8
samba3x-domainjoin-gui-0:3.5.4-0.70.el5_6.2
samba3x-swat-0:3.5.10-0.108.el5_8
samba3x-swat-0:3.5.4-0.70.el5_6.2
samba3x-winbind-0:3.5.10-0.108.el5_8
samba3x-winbind-0:3.5.4-0.70.el5_6.2
samba3x-winbind-devel-0:3.5.10-0.108.el5_8
samba3x-winbind-devel-0:3.5.4-0.70.el5_6.2
samba-0:3.0.33-3.36.el4
samba-client-0:3.0.33-3.36.el4
samba-common-0:3.0.33-3.36.el4
samba-debuginfo-0:3.0.33-3.36.el4
samba-swat-0:3.0.33-3.36.el4
samba4-0:4.0.0-55.el6.rc4
samba4-client-0:4.0.0-55.el6.rc4
samba4-common-0:4.0.0-55.el6.rc4
samba4-dc-0:4.0.0-55.el6.rc4
samba4-dc-libs-0:4.0.0-55.el6.rc4
samba4-debuginfo-0:4.0.0-55.el6.rc4
samba4-devel-0:4.0.0-55.el6.rc4
samba4-libs-0:4.0.0-55.el6.rc4
samba4-pidl-0:4.0.0-55.el6.rc4
samba4-python-0:4.0.0-55.el6.rc4
samba4-swat-0:4.0.0-55.el6.rc4
samba4-test-0:4.0.0-55.el6.rc4
samba4-winbind-0:4.0.0-55.el6.rc4
samba4-winbind-clients-0:4.0.0-55.el6.rc4
samba4-winbind-krb5-locator-0:4.0.0-55.el6.rc4
evolution-mapi-0:0.28.3-12.el6
evolution-mapi-debuginfo-0:0.28.3-12.el6
evolution-mapi-devel-0:0.28.3-12.el6
openchange-0:1.0-4.el6
openchange-client-0:1.0-4.el6
openchange-debuginfo-0:1.0-4.el6
openchange-devel-0:1.0-4.el6
openchange-devel-docs-0:1.0-4.el6

Seebug

bulletinFamily	exploit
description	CVE ID: CVE-2012-1182 Samba是一套实现SMB（Server Messages Block）协议、跨平台进行文件共享和打印共享服务的程序。 Samba 3.6.3之前版本的RPC代码生成器存在错误，导致生成的代码中包含安全漏洞，这些生成的代码用在Samba控制RPC网络数据处理的部分。攻击者可通过特制的RPC调用无需用户验证造成服务器执行任意代码。 0 Samba < 3.6.3 厂商补丁： Samba ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.samba.org/
id	SSV:60050
last seen	2017-11-19
modified	2012-04-12
published	2012-04-12
reporter	Root
title	Samba < 3.6.3 版本ndr_pull_lsa_SidArray堆溢出漏洞(CVE-2012-1182)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Nessus

Packetstorm

Redhat

Seebug

References