Vulnerabilities > CVE-2013-4408 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samba

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

samba

CWE-119

nessus

NVD

Published: 2013-12-10

Updated: 2023-02-13

Summary

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 4.1.0 Samba Samba 4.1.2 Samba Samba 4.1.1 Samba Samba 4.0.2 Samba Samba 4.0.11 Samba Samba 4.0.3 Samba Samba 4.0.6 Samba Samba 4.0.10 Samba Samba 4.0.7 Samba Samba 4.0.1 Samba Samba 4.0.8 Samba Samba 4.0.0 Samba Samba 4.0.5 Samba Samba 4.0.12 Samba Samba 4.0.4 Samba Samba 4.0.9 Samba Samba 3.0.19 Samba Samba 3.0.23 Samba Samba 3.0.14A Samba Samba 3.0.27 Samba Samba 3.0.31 Samba Samba 3.0.3 Samba Samba 3.0.8 Samba Samba 3.2.15 Samba Samba 3.6.17 Samba Samba 3.3.3 Samba Samba 3.5.1 Samba Samba 3.0.29 Samba Samba 3.0.25 Samba Samba 3.0.25B Samba Samba 3.2.5 Samba Samba 3.4.2 Samba Samba 3.5.9 Samba Samba 3.2.3 Samba Samba 3.6.10 Samba Samba 3.5.7 Samba Samba 3.3.15 Samba Samba 3.4.11 Samba Samba 3.0.2A Samba Samba 3.0.36 Samba Samba 3.4.0 Samba Samba 3.0.28 Samba Samba 3.2.4 Samba Samba 3.4.7 Samba Samba 3.0.5 Samba Samba 3.0.26 Samba Samba 3.3.9 Samba Samba 3.4.8 Samba Samba 3.5.11 Samba Samba 3.0.21 Samba Samba 3.4.5 Samba Samba 3.0.32 Samba Samba 3.0.26A Samba Samba 3.2.13 Samba Samba 3.0.6 Samba Samba 3.4.6 Samba Samba 3.0.21A Samba Samba 3.0.34 Samba Samba 3.6.4 Samba Samba 3.2.1 Samba Samba 3.0.4 Samba Samba 3.5.6 Samba Samba 3.6.9 Samba Samba 3.3.4 Samba Samba 3.6.11 Samba Samba 3.0.33 Samba Samba 3.6.19 Samba Samba 3.6.16 Samba Samba 3.0.20A Samba Samba 3.4.16 Samba Samba 3.3.12 Samba Samba 3.0.21B Samba Samba 3.0.20 Samba Samba 3.3.7 Samba Samba 3.5.19 Samba Samba 3.4.1 Samba Samba 3.0.0 Samba Samba 3.5.8 Samba Samba 3.0.9 Samba Samba 3.6.1 Samba Samba 3.6.2 Samba Samba 3.2.9 Samba Samba 3.5.17 Samba Samba 3.5.2 Samba Samba 3.0.11 Samba Samba 3.6.12 Samba Samba 3.6.3 Samba Samba 3.0.7 Samba Samba 3.0.13 Samba Samba 3.6.8 Samba Samba 3.4.17 Samba Samba 3.3.1 Samba Samba 3.2.2 Samba Samba 3.2.7 Samba Samba 3.0.14 Samba Samba 3.0.20B Samba Samba 3.0.16 Samba Samba 3.5.14 Samba Samba 3.4.12 Samba Samba 3.2.10 Samba Samba 3.0.17 Samba Samba 3.5.21 Samba Samba 3.6.7 Samba Samba 3.4.13 Samba Samba 3.0.30 Samba Samba 3.0.21C Samba Samba 3.3.11 Samba Samba 3.6.13 Samba Samba 3.5.10 Samba Samba 3.3.0 Samba Samba 3.4.10 Samba Samba 3.0.23B Samba Samba 3.3.6 Samba Samba 3.5.5 Samba Samba 3.3.14 Samba Samba 3.5.0 Samba Samba 3.6.6 Samba Samba 3.5.12 Samba Samba 3.0.2 Samba Samba 3.0.12 Samba Samba 3.2.12 Samba Samba 3.0.37 Samba Samba 3.2.8 Samba Samba 3.6.15 Samba Samba 3.0.35 Samba Samba 3.0.18 Samba Samba 3.6.5 Samba Samba 3.0.25A Samba Samba 3.0.25C Samba Samba 3.3.2 Samba Samba 3.0.24 Samba Samba 3.5.4 Samba Samba 3.0.10 Samba Samba 3.2.11 Samba Samba 3.4.4 Samba Samba 3.1.0 Samba Samba 3.5.18 Samba Samba 3.4.3 Samba Samba 3.5.20 Samba Samba 3.6.20 Samba Samba 3.3.8 Samba Samba 3.3.13 Samba Samba 3.6.18 Samba Samba 3.6.21 Samba Samba 3.2.14 Samba Samba 3.5.15 Samba Samba 3.5.13 Samba Samba 3.0.23D Samba Samba 3.4.14 Samba Samba 3.4.9 Samba Samba 3.2.0 Samba Samba 3.3.5 Samba Samba 3.0.23C Samba Samba 3.0.15 Samba Samba 3.2.6 Samba Samba 3.0.23A Samba Samba 3.4.15 Samba Samba 3.6.14 Samba Samba 3.5.16 Samba Samba 3.3.10 Samba Samba 3.6.0 Samba Samba 3.0.1 Samba Samba 3.3.16 Samba Samba 3.0.22 Samba Samba 3.5.3	188

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-1806.NASL
description	Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71293
published	2013-12-10
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71293
title	RHEL 5 / 6 : samba and samba3x (RHSA-2013:1806)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1806. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(71293); script_version("1.27"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4408", "CVE-2013-4475"); script_bugtraq_id(63646, 64191); script_xref(name:"RHSA", value:"2013:1806"); script_name(english:"RHEL 5 / 6 : samba and samba3x (RHSA-2013:1806)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically." ); # http://www.samba.org/samba/security/CVE-2013-4408 script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2013-4408" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1806" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4408" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4475" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1806"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-client-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-client-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-client-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-common-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-common-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-common-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"samba3x-debuginfo-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-doc-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-doc-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-doc-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-domainjoin-gui-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-domainjoin-gui-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-domainjoin-gui-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"samba3x-swat-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"samba3x-swat-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"samba3x-swat-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"samba3x-winbind-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"samba3x-winbind-devel-3.6.6-0.138.el5_10")) flag++; if (rpm_check(release:"RHEL6", reference:"libsmbclient-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"libsmbclient-devel-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-client-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-client-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-client-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"samba-common-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"samba-debuginfo-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-doc-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-doc-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-doc-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-domainjoin-gui-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-domainjoin-gui-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-domainjoin-gui-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-swat-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-swat-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-swat-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-winbind-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-winbind-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-winbind-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"samba-winbind-clients-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"samba-winbind-devel-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"samba-winbind-krb5-locator-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"samba-winbind-krb5-locator-3.6.9-167.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"samba-winbind-krb5-locator-3.6.9-167.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); } }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20131210_SAMBA4_ON_SL6_X.NASL
description	A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) After installing this update, the smb service will be restarted automatically.
last seen	2020-03-18
modified	2013-12-11
plugin id	71340
published	2013-12-11
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71340
title	Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20131210)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_CIFS-MOUNT-131213.NASL
description	This update fixes the following security issues with samba : - DCERPC frag_len not checked. (CVE-2013-4408). (bnc#844720) - winbind pam security problem. (CVE-2012-6150). (bnc#853347) - No access check verification on stream files (CVE-2013-4475). And fixes the following non-security issues :. (bnc#848101) - libsmbclient0 package description contains comments. (bnc#853021) - rpcclient adddriver and setdrive do not set all needed registry entries. (bnc#817880) - Client trying to delete print job fails: Samba returns: WERR_INVALID_PRINTER_NAME. (bnc#838472) - various upstream fixes. (bnc#854520 and bnc#849226)
last seen	2020-06-05
modified	2014-01-07
plugin id	71833
published	2014-01-07
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71833
title	SuSE 11.2 / 11.3 Security Update : Samba (SAT Patch Numbers 8655 / 8656)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-1805.NASL
description	From Red Hat Security Advisory 2013:1805 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71288
published	2013-12-10
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71288
title	Oracle Linux 6 : samba4 (ELSA-2013-1805)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20131210_SAMBA_AND_SAMBA3X_ON_SL5_X.NASL
description	A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) After installing this update, the smb service will be restarted automatically.
last seen	2020-03-18
modified	2013-12-11
plugin id	71341
published	2013-12-11
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71341
title	Scientific Linux Security Update : samba and samba3x on SL5.x, SL6.x i386/x86_64 (20131210)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2014-0009.NASL
description	Updated samba packages that fix two security issues are now available for Red Hat Storage. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Red Hat Storage are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	78991
published	2014-11-08
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78991
title	RHEL 6 : Storage Server (RHSA-2014:0009)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_613E45D1615411E39B62000C292E4FD8.NASL
description	The Samba project reports : These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).
last seen	2020-06-01
modified	2020-06-02
plugin id	71285
published	2013-12-10
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71285
title	FreeBSD : samba -- multiple vulnerabilities (613e45d1-6154-11e3-9b62-000c292e4fd8)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2014-013-04.NASL
description	New samba packages are available for Slackware 14.1, and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	71932
published	2014-01-14
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71932
title	Slackware 14.1 / current : samba (SSA:2014-013-04)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2014-0723-1.NASL
description	This is a LTSS roll-up update for the Samba Server suite fixing multiple security issues and bugs. Security issues fixed : - CVE-2013-4496: Password lockout was not enforced for SAMR password changes, leading to brute force possibility. - CVE-2013-4408: DCE-RPC fragment length field is incorrectly checked. - CVE-2013-4124: Samba was affected by a denial of service attack on authenticated or guest connections. - CVE-2013-0214: The SWAT webadministration was affected by a cross site scripting attack (XSS). - CVE-2013-0213: The SWAT webadministration could possibly be used in clickjacking attacks. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-05-20
plugin id	83623
published	2015-05-20
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83623
title	SUSE SLES11 Security Update : Samba (SUSE-SU-2014:0723-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2812.NASL
description	Two security issues were found in Samba, a SMB/CIFS file, print, and login server : - CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. - CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used.
last seen	2020-03-17
modified	2013-12-10
plugin id	71275
published	2013-12-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71275
title	Debian DSA-2812-1 : samba - several vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-490.NASL
description	This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114:
last seen	2020-06-05
modified	2016-04-21
plugin id	90609
published	2016-04-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90609
title	openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-23177.NASL
description	Fix NULL pointer derreference in winbind debug message. Update to version 4.1.3 which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-12-24
plugin id	71620
published	2013-12-24
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71620
title	Fedora 20 : samba-4.1.3-2.fc20 (2013-23177)

NASL family	Misc.
NASL id	SAMBA_4_1_3.NASL
description	According to its banner, the version of Samba running on the remote host is 3.3.x equal or later than 3.3.10, 3.4.x, 3.5.x, 3.6.x prior to 3.6.22, 4.0.x prior to 4.0.13 or 4.1.x prior to 4.1.3. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability exists in the
last seen	2020-06-01
modified	2020-06-02
plugin id	71377
published	2013-12-12
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71377
title	Samba 3.x < 3.6.22 / 4.0.x < 4.0.13 / 4.1.x < 4.1.3 Multiple Vulnerabilities

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-1806.NASL
description	Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71274
published	2013-12-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71274
title	CentOS 5 / 6 : samba / samba3x (CESA-2013:1806)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-7672.NASL
description	Update to Samba 4.1.9. Update to Samba 4.1.8 (CVE-2014-0178 samba: Uninitialized memory exposure) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-06-26
plugin id	76223
published	2014-06-26
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76223
title	Fedora 20 : samba-4.1.9-3.fc20 (2014-7672)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-1806.NASL
description	From Red Hat Security Advisory 2013:1806 : Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) A flaw was found in the way Samba performed ACL checks on alternate file and directory data streams. An attacker able to access a CIFS share with alternate stream support enabled could access alternate data streams regardless of the underlying file or directory ACL permissions. (CVE-2013-4475) Red Hat would like to thank the Samba project for reporting CVE-2013-4408. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71289
published	2013-12-10
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71289
title	Oracle Linux 5 / 6 : samba / samba3x (ELSA-2013-1806)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201502-15.NASL
description	The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	81536
published	2015-02-26
reporter	This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81536
title	GLSA-201502-15 : Samba: Multiple vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2013-23085.NASL
description	This updates Samba to version 4.0.13, which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2013-12-16
plugin id	71447
published	2013-12-16
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71447
title	Fedora 19 : samba-4.0.13-1.fc19 (2013-23085)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2013-299.NASL
description	Multiple vulnerabilities has been discovered and corrected in samba : The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator
last seen	2020-06-01
modified	2020-06-02
plugin id	71606
published	2013-12-23
reporter	This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/71606
title	Mandriva Linux Security Advisory : samba (MDVSA-2013:299)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-9132.NASL
description	Update to Samba 4.0.21. CVE-2014-3560. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-08-20
plugin id	77268
published	2014-08-20
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77268
title	Fedora 19 : samba-4.0.21-1.fc19 (2014-9132)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2013-996.NASL
description	- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347). - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks. - Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770). - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - BuildRequire systemd on post-12.2 systems. - Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report
last seen	2020-06-05
modified	2014-06-13
plugin id	75242
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75242
title	openSUSE Security Update : samba (openSUSE-SU-2013:1921-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-1805.NASL
description	Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71273
published	2013-12-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71273
title	CentOS 6 : samba4 (CESA-2013:1805)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-229.NASL
description	Samba was updated to fix security issues and bugs : Security issues fixed : - Password lockout was not enforced for SAMR password changes, this allowed brute-force attacks on passwords. CVE-2013-4496; (bnc#849224). - The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720). - The pam_winbind login without require_membership_of restrictions could allow fallbacks to local users even if they were not intended to be allowed; CVE-2012-6150; (bnc#853347). Also non security bugs were fixed : - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). - Remove superfluous obsoletes -64bit in the ifarch ppc64 case; (bnc#437293). - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). - Samba is chatty about being unable to open a printer; (bso#10118). - nsswitch: Fix short writes in winbind_write_sock; (bso#10195). - xattr: fix listing EAs on BSD for non-root users; (bso#10247). - spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267). - The preceding bugs are tracked by (bnc#854520) too. - Make use of the full gpg pub key file name including the key ID. - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - Allow smbcacls to take a
last seen	2020-06-05
modified	2014-06-13
plugin id	75302
published	2014-06-13
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75302
title	openSUSE Security Update : samba (openSUSE-SU-2014:0405-1)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_SAMBA_20140225.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator
last seen	2020-06-01
modified	2020-06-02
plugin id	80766
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80766
title	Oracle Solaris Third-Party Patch Update : samba (cve_2012_6150_input_validation)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2054-1.NASL
description	It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length fields. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as the root user. (CVE-2013-4408) Hemanth Thummala discovered that Samba incorrectly handled file permissions when vfs_streams_depot or vfs_streams_xattr were enabled. A remote attacker could use this issue to bypass intended restrictions. (CVE-2013-4475). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	71376
published	2013-12-12
reporter	Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71376
title	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : samba vulnerabilities (USN-2054-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-1805.NASL
description	Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE-RPC packet could cause various Samba programs to crash or, possibly, execute arbitrary code when parsed. A malicious or compromised Active Directory Domain Controller could use this flaw to compromise the winbindd daemon running with root privileges. (CVE-2013-4408) Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue. All users of Samba are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	71292
published	2013-12-10
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71292
title	RHEL 6 : samba4 (RHSA-2013:1805)

Redhat

advisories

bugzilla

id	1018032
title	CVE-2013-4408 samba: Heap-based buffer overflow due to incorrect DCE-RPC fragment length field check

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment samba4-winbind is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805001
comment samba4-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506026

AND

comment samba4-client is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805003
comment samba4-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506002

AND

comment samba4-common is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805005
comment samba4-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506028

AND
comment samba4-dc is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805007
comment samba4-dc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506016
AND
comment samba4-swat is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805009
comment samba4-swat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506010
AND
comment samba4-test is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805011
comment samba4-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506012

AND

comment samba4-winbind-krb5-locator is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805013
comment samba4-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506018

AND

comment samba4-python is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805015
comment samba4-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506024

AND
comment samba4-libs is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805017
comment samba4-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506014
AND
comment samba4-devel is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805019
comment samba4-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506020
AND
comment samba4 is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805021
comment samba4 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506006

AND

comment samba4-dc-libs is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805023
comment samba4-dc-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506004

AND

comment samba4-winbind-clients is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805025
comment samba4-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506022

AND
comment samba4-pidl is earlier than 0:4.0.0-60.el6_5.rc4
oval oval:com.redhat.rhsa:tst:20131805027
comment samba4-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130506008

rhsa

id	RHSA-2013:1805
released	2013-12-09
severity	Important
title	RHSA-2013:1805: samba4 security update (Important)

rhsa
id RHSA-2013:1806
rhsa
id RHSA-2014:0009

rpms

samba4-0:4.0.0-60.el6_5.rc4
samba4-client-0:4.0.0-60.el6_5.rc4
samba4-common-0:4.0.0-60.el6_5.rc4
samba4-dc-0:4.0.0-60.el6_5.rc4
samba4-dc-libs-0:4.0.0-60.el6_5.rc4
samba4-debuginfo-0:4.0.0-60.el6_5.rc4
samba4-devel-0:4.0.0-60.el6_5.rc4
samba4-libs-0:4.0.0-60.el6_5.rc4
samba4-pidl-0:4.0.0-60.el6_5.rc4
samba4-python-0:4.0.0-60.el6_5.rc4
samba4-swat-0:4.0.0-60.el6_5.rc4
samba4-test-0:4.0.0-60.el6_5.rc4
samba4-winbind-0:4.0.0-60.el6_5.rc4
samba4-winbind-clients-0:4.0.0-60.el6_5.rc4
samba4-winbind-krb5-locator-0:4.0.0-60.el6_5.rc4
libsmbclient-0:3.6.9-167.el6_5
libsmbclient-devel-0:3.6.9-167.el6_5
samba-0:3.6.9-167.el6_5
samba-client-0:3.6.9-167.el6_5
samba-common-0:3.6.9-167.el6_5
samba-debuginfo-0:3.6.9-167.el6_5
samba-doc-0:3.6.9-167.el6_5
samba-domainjoin-gui-0:3.6.9-167.el6_5
samba-swat-0:3.6.9-167.el6_5
samba-winbind-0:3.6.9-167.el6_5
samba-winbind-clients-0:3.6.9-167.el6_5
samba-winbind-devel-0:3.6.9-167.el6_5
samba-winbind-krb5-locator-0:3.6.9-167.el6_5
samba3x-0:3.6.6-0.138.el5_10
samba3x-client-0:3.6.6-0.138.el5_10
samba3x-common-0:3.6.6-0.138.el5_10
samba3x-debuginfo-0:3.6.6-0.138.el5_10
samba3x-doc-0:3.6.6-0.138.el5_10
samba3x-domainjoin-gui-0:3.6.6-0.138.el5_10
samba3x-swat-0:3.6.6-0.138.el5_10
samba3x-winbind-0:3.6.6-0.138.el5_10
samba3x-winbind-devel-0:3.6.6-0.138.el5_10
libsmbclient-0:3.6.9-167.5.1.el6rhs
libsmbclient-devel-0:3.6.9-167.5.1.el6rhs
samba-0:3.6.9-167.5.1.el6rhs
samba-client-0:3.6.9-167.5.1.el6rhs
samba-common-0:3.6.9-167.5.1.el6rhs
samba-debuginfo-0:3.6.9-167.5.1.el6rhs
samba-doc-0:3.6.9-167.5.1.el6rhs
samba-domainjoin-gui-0:3.6.9-167.5.1.el6rhs
samba-glusterfs-0:3.6.9-167.5.1.el6rhs
samba-swat-0:3.6.9-167.5.1.el6rhs
samba-winbind-0:3.6.9-167.5.1.el6rhs
samba-winbind-clients-0:3.6.9-167.5.1.el6rhs
samba-winbind-devel-0:3.6.9-167.5.1.el6rhs
samba-winbind-krb5-locator-0:3.6.9-167.5.1.el6rhs

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References