Vulnerabilities > CVE-2012-6150 - Improper Input Validation vulnerability in multiple products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

samba

canonical

CWE-20

nessus

NVD

Published: 2013-12-03

Updated: 2024-11-21

Summary

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 4.1.0 Samba Samba 4.1.1 Samba Samba 4.1.2 Samba Samba 4.0.0 Samba Samba 4.0.1 Samba Samba 4.0.2 Samba Samba 4.0.3 Samba Samba 4.0.4 Samba Samba 4.0.5 Samba Samba 4.0.6 Samba Samba 4.0.7 Samba Samba 4.0.8 Samba Samba 4.0.9 Samba Samba 4.0.10 Samba Samba 4.0.11 Samba Samba 4.0.12 Samba Samba 3.4.3 Samba Samba 3.4.4 Samba Samba 3.4.5 Samba Samba 3.4.6 Samba Samba 3.4.7 Samba Samba 3.4.8 Samba Samba 3.4.9 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba Samba 3.4.12 Samba Samba 3.4.13 Samba Samba 3.4.14 Samba Samba 3.4.15 Samba Samba 3.4.16 Samba Samba 3.4.17 Samba Samba 3.5.0 Samba Samba 3.5.1 Samba Samba 3.5.2 Samba Samba 3.5.3 Samba Samba 3.5.4 Samba Samba 3.5.5 Samba Samba 3.5.6 Samba Samba 3.5.7 Samba Samba 3.5.8 Samba Samba 3.5.9 Samba Samba 3.5.10 Samba Samba 3.5.11 Samba Samba 3.5.12 Samba Samba 3.5.13 Samba Samba 3.5.14 Samba Samba 3.5.15 Samba Samba 3.5.16 Samba Samba 3.5.17 Samba Samba 3.5.18 Samba Samba 3.5.19 Samba Samba 3.5.20 Samba Samba 3.5.21 Samba Samba 3.5.22 Samba Samba 3.6.0 Samba Samba 3.6.1 Samba Samba 3.6.2 Samba Samba 3.6.3 Samba Samba 3.6.4 Samba Samba 3.6.5 Samba Samba 3.6.6 Samba Samba 3.6.7 Samba Samba 3.6.8 Samba Samba 3.6.9 Samba Samba 3.6.10 Samba Samba 3.6.11 Samba Samba 3.6.12 Samba Samba 3.6.13 Samba Samba 3.6.14 Samba Samba 3.6.15 Samba Samba 3.6.16 Samba Samba 3.6.17 Samba Samba 3.6.18 Samba Samba 3.6.19 Samba Samba 3.6.20 Samba Samba 3.6.21 Samba Samba 3.3.10 Samba Samba 3.3.11 Samba Samba 3.3.12 Samba Samba 3.3.13 Samba Samba 3.3.14 Samba Samba 3.3.15 Samba Samba 3.3.16	83
OS	Canonical Canonical Ubuntu Linux 13.04 Canonical Ubuntu Linux 13.10 Canonical Ubuntu Linux 12.10 Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04	5

Common Weakness Enumeration (CWE)

CWE-20 - Improper Input Validation

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Server Side Include (SSI) Injection
An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
Cross Site Scripting through Log Files
An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2014-0383.NASL
description	Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	73452
published	2014-04-10
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73452
title	RHEL 6 : samba4 (RHSA-2014:0383)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0383. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(73452); script_version("1.11"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2012-6150", "CVE-2013-4496", "CVE-2013-6442"); script_bugtraq_id(64101, 66232, 66336); script_xref(name:"RHSA", value:"2014:0383"); script_name(english:"RHEL 6 : samba4 (RHSA-2014:0383)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's 'smbcacls' command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2012-6150" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-4496" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-6442" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0383" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4496" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-6150" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-6442" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0383"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-client-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-client-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-client-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-common-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-common-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-common-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-dc-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-dc-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-dc-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-dc-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-dc-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-dc-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-debuginfo-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-debuginfo-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-debuginfo-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-devel-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-devel-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-devel-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-pidl-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-pidl-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-pidl-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-python-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-python-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-python-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-swat-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-swat-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-swat-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-test-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-test-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-test-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-clients-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-clients-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-clients-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc"); } }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2014-0330.NASL
description	From Red Hat Security Advisory 2014:0330 : Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	73197
published	2014-03-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73197
title	Oracle Linux 5 / 6 : samba / samba3x (ELSA-2014-0330)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0330 and # Oracle Linux Security Advisory ELSA-2014-0330 respectively. # include("compat.inc"); if (description) { script_id(73197); script_version("1.8"); script_cvs_date("Date: 2019/09/30 10:58:19"); script_cve_id("CVE-2012-6150", "CVE-2013-4496"); script_bugtraq_id(64101, 66336); script_xref(name:"RHSA", value:"2014:0330"); script_name(english:"Oracle Linux 5 / 6 : samba / samba3x (ELSA-2014-0330)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2014:0330 : Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-March/004038.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-March/004040.html" ); script_set_attribute( attribute:"solution", value:"Update the affected samba and / or samba3x packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba3x-winbind-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"samba3x-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-client-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-common-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-doc-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-domainjoin-gui-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-swat-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-winbind-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL5", reference:"samba3x-winbind-devel-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"EL6", reference:"libsmbclient-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"libsmbclient-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-client-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-common-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-doc-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-domainjoin-gui-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-swat-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-clients-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-krb5-locator-3.6.9-168.el6_5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2014-0330.NASL
description	Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	73192
published	2014-03-26
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73192
title	CentOS 5 / 6 : samba / samba3x (CESA-2014:0330)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0330 and # CentOS Errata and Security Advisory 2014:0330 respectively. # include("compat.inc"); if (description) { script_id(73192); script_version("1.10"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2012-6150", "CVE-2013-4496"); script_bugtraq_id(64101, 66336); script_xref(name:"RHSA", value:"2014:0330"); script_name(english:"CentOS 5 / 6 : samba / samba3x (CESA-2014:0330)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2014-March/020228.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8caf9857" ); # https://lists.centos.org/pipermail/centos-announce/2014-March/020232.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b69f764a" ); script_set_attribute( attribute:"solution", value:"Update the affected samba and / or samba3x packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4496"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba3x-winbind-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"samba3x-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-client-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-common-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-doc-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-domainjoin-gui-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-swat-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-winbind-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-5", reference:"samba3x-winbind-devel-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"libsmbclient-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"libsmbclient-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-client-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-common-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-doc-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-domainjoin-gui-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-swat-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-winbind-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-winbind-clients-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-winbind-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba-winbind-krb5-locator-3.6.9-168.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20140325_SAMBA_AND_SAMBA3X_ON_SL5_X.NASL
description	It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) After installing this update, the smb service will be restarted automatically.
last seen	2020-03-18
modified	2014-03-26
plugin id	73201
published	2014-03-26
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73201
title	Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64 (20140325)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(73201); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6150", "CVE-2013-4496"); script_name(english:"Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/srpm/x86_64 (20140325)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) After installing this update, the smb service will be restarted automatically." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=2576 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aa68d877" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"samba3x-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-client-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-common-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-debuginfo-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-debuginfo-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-doc-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-domainjoin-gui-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-swat-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-winbind-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL5", reference:"samba3x-winbind-devel-3.6.6-0.139.el5_10")) flag++; if (rpm_check(release:"SL6", reference:"libsmbclient-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"libsmbclient-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-client-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-common-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-debuginfo-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-debuginfo-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-doc-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-domainjoin-gui-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-swat-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-clients-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-devel-3.6.9-168.el6_5")) flag++; if (rpm_check(release:"SL6", reference:"samba-winbind-krb5-locator-3.6.9-168.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_CIFS-MOUNT-131213.NASL
description	This update fixes the following security issues with samba : - DCERPC frag_len not checked. (CVE-2013-4408). (bnc#844720) - winbind pam security problem. (CVE-2012-6150). (bnc#853347) - No access check verification on stream files (CVE-2013-4475). And fixes the following non-security issues :. (bnc#848101) - libsmbclient0 package description contains comments. (bnc#853021) - rpcclient adddriver and setdrive do not set all needed registry entries. (bnc#817880) - Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME. (bnc#838472) - various upstream fixes. (bnc#854520 and bnc#849226)
last seen	2020-06-05
modified	2014-01-07
plugin id	71833
published	2014-01-07
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71833
title	SuSE 11.2 / 11.3 Security Update : Samba (SAT Patch Numbers 8655 / 8656)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(71833); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6150", "CVE-2013-4408", "CVE-2013-4475"); script_name(english:"SuSE 11.2 / 11.3 Security Update : Samba (SAT Patch Numbers 8655 / 8656)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following security issues with samba : - DCERPC frag_len not checked. (CVE-2013-4408). (bnc#844720) - winbind pam security problem. (CVE-2012-6150). (bnc#853347) - No access check verification on stream files (CVE-2013-4475). And fixes the following non-security issues :. (bnc#848101) - libsmbclient0 package description contains comments. (bnc#853021) - rpcclient adddriver and setdrive do not set all needed registry entries. (bnc#817880) - Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME. (bnc#838472) - various upstream fixes. (bnc#854520 and bnc#849226)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=817880" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=838472" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=844720" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=848101" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=849226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853347" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=854520" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6150.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4408.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4475.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 8655 / 8656 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ldapsmb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libldb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtalloc2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtdb1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libtevent0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-krb-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libldb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libsmbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtalloc1-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtalloc2-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtdb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libtevent0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libwbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-client-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-doc-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-krb-printing-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"samba-winbind-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libldb1-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc1-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc1-32bit-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-doc-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-krb-printing-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libldb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libsmbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libtalloc2-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libtdb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libtevent0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libwbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"samba-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"samba-client-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"samba-doc-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"samba-krb-printing-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"samba-winbind-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libldb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libldb1-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsmbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtalloc2-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtdb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtevent0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libwbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-client-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-doc-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-krb-printing-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-winbind-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"ldapsmb-1.34b-12.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libldb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libsmbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtalloc1-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtalloc2-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtdb1-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libtevent0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"libwbclient0-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-client-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-doc-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-krb-printing-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"samba-winbind-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtalloc1-32bit-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtdb1-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libtevent0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-client-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtalloc1-32bit-3.4.3-1.50.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.33.39.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"ldapsmb-1.34b-12.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libldb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libsmbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libtalloc2-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libtdb1-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libtevent0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"libwbclient0-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"samba-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"samba-client-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"samba-doc-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"samba-krb-printing-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"samba-winbind-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libtdb1-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libtevent0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"samba-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"samba-client-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"samba-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"samba-client-32bit-3.6.3-0.46.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-0.46.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_613E45D1615411E39B62000C292E4FD8.NASL
description	The Samba project reports : These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).
last seen	2020-06-01
modified	2020-06-02
plugin id	71285
published	2013-12-10
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71285
title	FreeBSD : samba -- multiple vulnerabilities (613e45d1-6154-11e3-9b62-000c292e4fd8)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(71285); script_version("1.7"); script_cvs_date("Date: 2018/11/21 10:46:30"); script_cve_id("CVE-2012-6150", "CVE-2013-4408"); script_name(english:"FreeBSD : samba -- multiple vulnerabilities (613e45d1-6154-11e3-9b62-000c292e4fd8)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Samba project reports : These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions)." ); # http://www.samba.org/samba/security/CVE-2012-6150 script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2012-6150" ); # http://www.samba.org/samba/security/CVE-2013-4408 script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-4408" ); # https://vuxml.freebsd.org/freebsd/613e45d1-6154-11e3-9b62-000c292e4fd8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97f8e4e0" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba34"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba35"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba36"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba41"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/12"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba34>0")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba35>0")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba36>3.6.<3.6.22")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba4>4.0.<4.0.13")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba41>4.1.*<4.1.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2014-0723-1.NASL
description	This is a LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed : - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked. - CVE-2013-4124: Samba was affected by a denial of service attack on authenticated or guest connections. - CVE-2013-0214: The SWAT webadministration was affected by a cross site scripting attack (XSS). - CVE-2013-0213: The SWAT webadministration could possibly be used in clickjacking attacks. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-20
plugin id	83623
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83623
title	SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:0723-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83623); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6150", "CVE-2013-0213", "CVE-2013-0214", "CVE-2013-4124", "CVE-2013-4408", "CVE-2013-4496"); script_bugtraq_id(57631, 61597, 64101, 64191, 66336); script_name(english:"SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This is a LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed : - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked. - CVE-2013-4124: Samba was affected by a denial of service attack on authenticated or guest connections. - CVE-2013-0214: The SWAT webadministration was affected by a cross site scripting attack (XSS). - CVE-2013-0213: The SWAT webadministration could possibly be used in clickjacking attacks. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://download.suse.com/patch/finder/?keywords=20647ef4a682db1b2ce9c1aec3368f57 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?52b7a1db" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6150.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0213.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-0214.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4124.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4408.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-4496.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/783384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/799641" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/800982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/829969" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/844720" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/849224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853021" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/853347" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20140723-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?32d2ffa8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP1 LTSS : zypper in -t patch slessp1-cifs-mount-9117 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cifs-mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ldapsmb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtalloc1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtdb1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-krb-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = eregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"libsmbclient0-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"libtalloc1-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"libtdb1-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"libwbclient0-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"samba-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"samba-client-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"samba-winbind-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"libsmbclient0-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"libtalloc1-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"libtdb1-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"libwbclient0-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"samba-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"samba-client-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"samba-winbind-32bit-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"cifs-mount-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"ldapsmb-1.34b-11.28.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"libsmbclient0-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"libtalloc1-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"libtdb1-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"libwbclient0-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"samba-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"samba-client-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"samba-krb-printing-3.4.3-1.52.3")) flag++; if (rpm_check(release:"SLES11", sp:"1", reference:"samba-winbind-3.4.3-1.52.3")) flag++; if (flag) { set_kb_item(name:'www/0/XSS', value:TRUE); if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2014-0383.NASL
description	Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	73464
published	2014-04-11
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73464
title	CentOS 6 : samba4 (CESA-2014:0383)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0383 and # CentOS Errata and Security Advisory 2014:0383 respectively. # include("compat.inc"); if (description) { script_id(73464); script_version("1.7"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2012-6150", "CVE-2013-4496", "CVE-2013-6442"); script_bugtraq_id(64101, 66232, 66336); script_xref(name:"RHSA", value:"2014:0383"); script_name(english:"CentOS 6 : samba4 (CESA-2014:0383)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba's 'smbcacls' command, which is used to set or get ACLs on SMB file shares. Certain command line options of this command would incorrectly remove an ACL previously applied on a file or a directory, leaving the file or directory without the intended ACL. (CVE-2013-6442) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2014-April/020250.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?713f60ec" ); script_set_attribute( attribute:"solution", value:"Update the affected samba4 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6442"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"samba4-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-client-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-common-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-dc-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-dc-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-devel-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-libs-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-pidl-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-python-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-swat-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-test-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-clients-4.0.0-61.el6_5.rc4")) flag++; if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-krb5-locator-4.0.0-61.el6_5.rc4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-490.NASL
description	This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114:
last seen	2020-06-05
modified	2016-04-21
plugin id	90609
published	2016-04-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90609
title	openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-490. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(90609); script_version("2.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6150", "CVE-2013-4408", "CVE-2013-4496", "CVE-2015-0240", "CVE-2015-5252", "CVE-2015-5296", "CVE-2015-5299", "CVE-2015-5330", "CVE-2015-5370", "CVE-2015-7560", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_name(english:"openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)"); script_summary(english:"Check for the openSUSE-2016-490 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114: 'server signing = mandatory' not enforced (bsc#973035). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions are no longer supported by upstream. As a side effect, libpdb0 package was replaced by libsamba-passdb0." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=844720" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=849224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=853347" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=936862" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958584" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968222" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971965" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973032" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973033" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973035" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11077" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11344" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11529" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11536" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11688" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11749" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11752" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11804" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/20"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-pcp-pmda-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-pcp-pmda-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-tests-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-tests-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-binding0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-binding0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-client-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-client-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-core-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-debugsource-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-libs-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-libs-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-pidl-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-python-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-python-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-winbind-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-winbind-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-atsvc0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-atsvc0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-samr0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgensec0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgensec0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-standard0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libnetapi0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libregistry0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libregistry0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-policy0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-policy0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-util0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamdb0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient-raw0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient-raw0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbconf0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbldap0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libtevent-util0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libwbclient0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-client-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-libs-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-winbind-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-debuginfo / ctdb-devel / ctdb-pcp-pmda / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-23177.NASL
description	Fix NULL pointer derreference in winbind debug message. Update to version 4.1.3 which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-12-24
plugin id	71620
published	2013-12-24
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71620
title	Fedora 20 : samba-4.1.3-2.fc20 (2013-23177)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-23177. # include("compat.inc"); if (description) { script_id(71620); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6150", "CVE-2013-4408"); script_bugtraq_id(64101, 64191); script_xref(name:"FEDORA", value:"2013-23177"); script_name(english:"Fedora 20 : samba-4.1.3-2.fc20 (2013-23177)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix NULL pointer derreference in winbind debug message. Update to version 4.1.3 which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1019469" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1039454" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1039500" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125021.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4db3a2ef" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"samba-4.1.3-2.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Misc.
NASL id	SAMBA_4_1_3.NASL
description	According to its banner, the version of Samba running on the remote host is 3.3.x equal or later than 3.3.10, 3.4.x, 3.5.x, 3.6.x prior to 3.6.22, 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.3. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability exists in the
last seen	2020-06-01
modified	2020-06-02
plugin id	71377
published	2013-12-12
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71377
title	Samba 3.x < 3.6.22 / 4.0.x < 4.0.13 / 4.1.x < 4.1.3 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-7672.NASL
description	Update to Samba 4.1.9. Update to Samba 4.1.8 (CVE-2014-0178 samba: Uninitialized memory exposure) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-06-26
plugin id	76223
published	2014-06-26
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76223
title	Fedora 20 : samba-4.1.9-3.fc20 (2014-7672)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201502-15.NASL
description	The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	81536
published	2015-02-26
reporter	This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81536
title	GLSA-201502-15 : Samba: Multiple vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2014-0330.NASL
description	Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in the way the pam_winbind module handled configurations that specified a non-existent group as required. An authenticated user could possibly use this flaw to gain access to a service using pam_winbind in its PAM configuration when group restriction was intended for access to the service. (CVE-2012-6150) Red Hat would like to thank the Samba project for reporting CVE-2013-4496 and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges Andrew Bartlett as the original reporter of CVE-2013-4496. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	73199
published	2014-03-26
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73199
title	RHEL 5 / 6 : samba and samba3x (RHSA-2014:0330)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-23085.NASL
description	This updates Samba to version 4.0.13, which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-12-16
plugin id	71447
published	2013-12-16
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71447
title	Fedora 19 : samba-4.0.13-1.fc19 (2013-23085)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-299.NASL
description	Multiple vulnerabilities has been discovered and corrected in samba : The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator
last seen	2020-06-01
modified	2020-06-02
plugin id	71606
published	2013-12-23
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71606
title	Mandriva Linux Security Advisory : samba (MDVSA-2013:299)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2014-0383.NASL
description	From Red Hat Security Advisory 2014:0383 : Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	73450
published	2014-04-10
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73450
title	Oracle Linux 6 : samba4 (ELSA-2014-0383)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-9132.NASL
description	Update to Samba 4.0.21. CVE-2014-3560. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-08-20
plugin id	77268
published	2014-08-20
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77268
title	Fedora 19 : samba-4.0.21-1.fc19 (2014-9132)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-996.NASL
description	- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347). - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks. - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770). - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - BuildRequire systemd on post-12.2 systems. - Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report
last seen	2020-06-05
modified	2014-06-13
plugin id	75242
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75242
title	openSUSE Security Update : samba (openSUSE-SU-2013:1921-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-229.NASL
description	Samba was updated to fix security issues and bugs : Security issues fixed : - Password lockout was not enforced for SAMR password changes, this allowed brute-force attacks on passwords. CVE-2013-4496; (bnc#849224). - The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720). - The pam_winbind login without require_membership_of restrictions could allow fallbacks to local users even if they were not intended to be allowed; CVE-2012-6150; (bnc#853347). Also non security bugs were fixed : - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). - Remove superfluous obsoletes -64bit in the ifarch ppc64 case; (bnc#437293). - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). - Samba is chatty about being unable to open a printer; (bso#10118). - nsswitch: Fix short writes in winbind_write_sock; (bso#10195). - xattr: fix listing EAs on BSD for non-root users; (bso#10247). - spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267). - The preceding bugs are tracked by (bnc#854520) too. - Make use of the full gpg pub key file name including the key ID. - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - Allow smbcacls to take a
last seen	2020-06-05
modified	2014-06-13
plugin id	75302
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75302
title	openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_SAMBA_20140225.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator
last seen	2020-06-01
modified	2020-06-02
plugin id	80766
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80766
title	Oracle Solaris Third-Party Patch Update : samba (cve_2012_6150_input_validation)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20140409_SAMBA4_ON_SL6_X.NASL
description	It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote attacker could use this flaw to perform password guessing attacks on Samba user accounts. Note: this flaw only affected Samba when deployed as a Primary Domain Controller. (CVE-2013-4496) A flaw was found in Samba
last seen	2020-03-18
modified	2014-04-10
plugin id	73453
published	2014-04-10
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73453
title	Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20140409)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2054-1.NASL
description	It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length fields. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as the root user. (CVE-2013-4408) Hemanth Thummala discovered that Samba incorrectly handled file permissions when vfs_streams_depot or vfs_streams_xattr were enabled. A remote attacker could use this issue to bypass intended restrictions. (CVE-2013-4475). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	71376
published	2013-12-12
reporter	Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71376
title	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : samba vulnerabilities (USN-2054-1)

Redhat

advisories

rhsa

id	RHSA-2014:0330

rpms

libsmbclient-0:3.6.9-168.el6_5
libsmbclient-devel-0:3.6.9-168.el6_5
samba-0:3.6.9-168.el6_5
samba-client-0:3.6.9-168.el6_5
samba-common-0:3.6.9-168.el6_5
samba-debuginfo-0:3.6.9-168.el6_5
samba-doc-0:3.6.9-168.el6_5
samba-domainjoin-gui-0:3.6.9-168.el6_5
samba-swat-0:3.6.9-168.el6_5
samba-winbind-0:3.6.9-168.el6_5
samba-winbind-clients-0:3.6.9-168.el6_5
samba-winbind-devel-0:3.6.9-168.el6_5
samba-winbind-krb5-locator-0:3.6.9-168.el6_5
samba3x-0:3.6.6-0.139.el5_10
samba3x-client-0:3.6.6-0.139.el5_10
samba3x-common-0:3.6.6-0.139.el5_10
samba3x-debuginfo-0:3.6.6-0.139.el5_10
samba3x-doc-0:3.6.6-0.139.el5_10
samba3x-domainjoin-gui-0:3.6.6-0.139.el5_10
samba3x-swat-0:3.6.6-0.139.el5_10
samba3x-winbind-0:3.6.6-0.139.el5_10
samba3x-winbind-devel-0:3.6.6-0.139.el5_10
samba4-0:4.0.0-61.el6_5.rc4
samba4-client-0:4.0.0-61.el6_5.rc4
samba4-common-0:4.0.0-61.el6_5.rc4
samba4-dc-0:4.0.0-61.el6_5.rc4
samba4-dc-libs-0:4.0.0-61.el6_5.rc4
samba4-debuginfo-0:4.0.0-61.el6_5.rc4
samba4-devel-0:4.0.0-61.el6_5.rc4
samba4-libs-0:4.0.0-61.el6_5.rc4
samba4-pidl-0:4.0.0-61.el6_5.rc4
samba4-python-0:4.0.0-61.el6_5.rc4
samba4-swat-0:4.0.0-61.el6_5.rc4
samba4-test-0:4.0.0-61.el6_5.rc4
samba4-winbind-0:4.0.0-61.el6_5.rc4
samba4-winbind-clients-0:4.0.0-61.el6_5.rc4
samba4-winbind-krb5-locator-0:4.0.0-61.el6_5.rc4

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References