Vulnerabilities > CVE-2016-2110 - 7PK - Security Features vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
samba
canonical
CWE-254
nessus

Summary

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.

Vulnerable Configurations

Part Description Count
Application
Samba
248
OS
Canonical
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160412_SAMBA_ON_SL5_X.NASL
    descriptionSecurity Fix(es) : - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) - Several flaws were found in Samba
    last seen2020-03-18
    modified2016-04-13
    plugin id90503
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90503
    titleScientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90503);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118");
    
      script_name(english:"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - A protocol flaw, publicly referred to as Badlock, was
        found in the Security Account Manager Remote Protocol
        (MS-SAMR) and the Local Security Authority (Domain
        Policy) Remote Protocol (MS-LSAD). Any authenticated
        DCE/RPC connection that a client initiates against a
        server could be used by a man-in-the-middle attacker to
        impersonate the authenticated user against the SAMR or
        LSA service on the server. As a result, the attacker
        would be able to get read/write access to the Security
        Account Manager database, and use this to reveal all
        passwords or any other potentially sensitive information
        in that database. (CVE-2016-2118)
    
      - Several flaws were found in Samba's implementation of
        NTLMSSP authentication. An unauthenticated,
        man-in-the-middle attacker could use this flaw to clear
        the encryption and integrity flags of a connection,
        causing data to be transmitted in plain text. The
        attacker could also force the client or server into
        sending data in plain text even if encryption was
        explicitly requested for that connection.
        (CVE-2016-2110)
    
      - It was discovered that Samba configured as a Domain
        Controller would establish a secure communication
        channel with a machine using a spoofed computer name. A
        remote attacker able to observe network traffic could
        use this flaw to obtain session-related information
        about the spoofed machine. (CVE-2016-2111)
    
      - It was found that Samba's LDAP implementation did not
        enforce integrity protection for LDAP connections. A
        man-in-the-middle attacker could use this flaw to
        downgrade LDAP connections to use no integrity
        protection, allowing them to hijack such connections.
        (CVE-2016-2112)
    
      - It was found that Samba did not enable integrity
        protection for IPC traffic by default. A
        man-in-the-middle attacker could use this flaw to view
        and modify the data sent between a Samba server and a
        client. (CVE-2016-2115)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b633e72b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"libsmbclient-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"libsmbclient-devel-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"samba-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"samba-client-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"samba-common-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"samba-debuginfo-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"SL5", reference:"samba-swat-3.0.33-3.41.el5_11")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1014.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in Samba
    last seen2020-05-06
    modified2017-05-01
    plugin id99777
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99777
    titleEulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1014)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99777);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2015-5370",
        "CVE-2016-2110",
        "CVE-2016-2111",
        "CVE-2016-2112",
        "CVE-2016-2113",
        "CVE-2016-2114",
        "CVE-2016-2115",
        "CVE-2016-2118"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1014)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the samba packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Multiple flaws were found in Samba's DCE/RPC protocol
        implementation. A remote, authenticated attacker could
        use these flaws to cause a denial of service against
        the Samba server (high CPU load or a crash) or,
        possibly, execute arbitrary code with the permissions
        of the user running Samba (root). This flaw could also
        be used to downgrade a secure DCE/RPC connection by a
        man-in-the-middle attacker taking control of an Active
        Directory (AD) object and compromising the security of
        a Samba Active Directory Domain Controller
        (DC).(CVE-2015-5370)
    
      - A protocol flaw, publicly referred to as Badlock, was
        found in the Security Account Manager Remote Protocol
        (MS-SAMR) and the Local Security Authority (Domain
        Policy) Remote Protocol (MS-LSAD). Any authenticated
        DCE/RPC connection that a client initiates against a
        server could be used by a man-in-the-middle attacker to
        impersonate the authenticated user against the SAMR or
        LSA service on the server.
    
      - As a result, the attacker would be able to get
        read/write access to the Security Account Manager
        database, and use this to reveal all passwords or any
        other potentially sensitive information in that
        database. (CVE-2016-2118)
    
      - Several flaws were found in Samba's implementation of
        NTLMSSP authentication. An nauthenticated,
        man-in-the-middle attacker could use this flaw to clear
        the encryption and integrity flags of a connection,
        causing data to be transmitted in plain text. The
        attacker could also force the client or server into
        sending data in plain text even if encryption was
        explicitly requested for that
        connection.(CVE-2016-2110)
    
      - It was discovered that Samba configured as a Domain
        Controller would establish a secure communication
        channel with a machine using a spoofed computer name. A
        remote attacker able to observe network traffic could
        use this flaw to obtain session-related information
        about the spoofed machine. (CVE-2016-2111)
    
      - It was found that Samba's LDAP implementation did not
        enforce integrity protection for LDAP connections. A
        man-in-the-middle attacker could use this flaw to
        downgrade LDAP connections to use no integrity
        protection, allowing them to hijack such
        connections.(CVE-2016-2112)
    
      - It was found that Samba did not validate SSL/TLS
        certificates in certain connections. A
        man-in-the-middle attacker could use this flaw to spoof
        a Samba server using a specially crafted SSL/TLS
        certificate.(CVE-2016-2113)
    
      - It was discovered that Samba did not enforce Server
        Message Block (SMB) signing for clients using the SMB1
        protocol. A man-in-the-middle attacker could use this
        flaw to modify traffic between a client and a server.
        (CVE-2016-2114)
    
      - It was found that Samba did not enable integrity
        protection for IPC traffic by default. A
        man-in-the-middle attacker could use this flaw to view
        and modify the data sent between a Samba server and a
        client.(CVE-2016-2115)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1014
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1103f47");
      script_set_attribute(attribute:"solution", value:
    "Update the affected samba packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtalloc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtevent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pytalloc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tevent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tdb-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libldb-1.1.25-1",
            "libsmbclient-4.2.10-6",
            "libtalloc-2.1.5-1",
            "libtdb-1.3.8-1",
            "libtevent-0.9.26-1",
            "libwbclient-4.2.10-6",
            "pytalloc-2.1.5-1",
            "python-tdb-1.3.8-1",
            "python-tevent-0.9.26-1",
            "samba-4.2.10-6",
            "samba-client-4.2.10-6",
            "samba-client-libs-4.2.10-6",
            "samba-common-4.2.10-6",
            "samba-common-libs-4.2.10-6",
            "samba-common-tools-4.2.10-6",
            "samba-libs-4.2.10-6",
            "samba-python-4.2.10-6",
            "samba-winbind-4.2.10-6",
            "samba-winbind-clients-4.2.10-6",
            "samba-winbind-modules-4.2.10-6",
            "tdb-tools-1.3.8-1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0620.NASL
    descriptionAn update for samba4 is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90497
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90497
    titleRHEL 6 : samba4 (RHSA-2016:0620) (Badlock)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0620. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90497);
      script_version("2.19");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118");
      script_xref(name:"RHSA", value:"2016:0620");
    
      script_name(english:"RHEL 6 : samba4 (RHSA-2016:0620) (Badlock)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for samba4 is now available for Red Hat Enterprise Linux 6.2
    Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update
    Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red
    Hat Enterprise Linux 6.6 Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Critical. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Samba is an open source implementation of the Server Message Block
    (SMB) or Common Internet File System (CIFS) protocol, which allows
    PC-compatible machines to share files, printers, and other
    information.
    
    The following packages have been upgraded to a newer upstream version:
    Samba (4.2.10). Refer to the Release Notes listed in the References
    section for a complete list of changes.
    
    Security Fix(es) :
    
    * Multiple flaws were found in Samba's DCE/RPC protocol
    implementation. A remote, authenticated attacker could use these flaws
    to cause a denial of service against the Samba server (high CPU load
    or a crash) or, possibly, execute arbitrary code with the permissions
    of the user running Samba (root). This flaw could also be used to
    downgrade a secure DCE/RPC connection by a man-in-the-middle attacker
    taking control of an Active Directory (AD) object and compromising the
    security of a Samba Active Directory Domain Controller (DC).
    (CVE-2015-5370)
    
    Note: While Samba packages as shipped in Red Hat Enterprise Linux do
    not support running Samba as an AD DC, this flaw applies to all roles
    Samba implements.
    
    * A protocol flaw, publicly referred to as Badlock, was found in the
    Security Account Manager Remote Protocol (MS-SAMR) and the Local
    Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any
    authenticated DCE/RPC connection that a client initiates against a
    server could be used by a man-in-the-middle attacker to impersonate
    the authenticated user against the SAMR or LSA service on the server.
    As a result, the attacker would be able to get read/write access to
    the Security Account Manager database, and use this to reveal all
    passwords or any other potentially sensitive information in that
    database. (CVE-2016-2118)
    
    * Several flaws were found in Samba's implementation of NTLMSSP
    authentication. An unauthenticated, man-in-the-middle attacker could
    use this flaw to clear the encryption and integrity flags of a
    connection, causing data to be transmitted in plain text. The attacker
    could also force the client or server into sending data in plain text
    even if encryption was explicitly requested for that connection.
    (CVE-2016-2110)
    
    * It was discovered that Samba configured as a Domain Controller would
    establish a secure communication channel with a machine using a
    spoofed computer name. A remote attacker able to observe network
    traffic could use this flaw to obtain session-related information
    about the spoofed machine. (CVE-2016-2111)
    
    * It was found that Samba's LDAP implementation did not enforce
    integrity protection for LDAP connections. A man-in-the-middle
    attacker could use this flaw to downgrade LDAP connections to use no
    integrity protection, allowing them to hijack such connections.
    (CVE-2016-2112)
    
    * It was found that Samba did not validate SSL/TLS certificates in
    certain connections. A man-in-the-middle attacker could use this flaw
    to spoof a Samba server using a specially crafted SSL/TLS certificate.
    (CVE-2016-2113)
    
    * It was discovered that Samba did not enforce Server Message Block
    (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle
    attacker could use this flaw to modify traffic between a client and a
    server. (CVE-2016-2114)
    
    * It was found that Samba did not enable integrity protection for IPC
    traffic by default. A man-in-the-middle attacker could use this flaw
    to view and modify the data sent between a Samba server and a client.
    (CVE-2016-2115)
    
    Red Hat would like to thank the Samba project for reporting these
    issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the
    original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as
    the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,
    CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.2.10.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/badlock"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/2253041"
      );
      # http://badlock.org/
      script_set_attribute(
        attribute:"see_also",
        value:"https://samba.plus"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/2243351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:0620"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-5370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2111"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-2113"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-admintools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-selinux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ldb-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_autofs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_sudo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_sudo-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6\.2|6\.4|6\.5|6\.6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2 / 6.4 / 6.5 / 6.6", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:0620";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {  sp = get_kb_item("Host/RedHat/minor_release");
      if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-debuginfo-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-debuginfo-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-devel-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-devel-0.28.3-8.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-admintools-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-admintools-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-client-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-client-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-python-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-python-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-selinux-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-trust-ad-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-42.el6_6.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-26.el6_4.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-37.el6_5.1")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ldb-tools-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ldb-tools-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libipa_hbac-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libipa_hbac-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libipa_hbac-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libipa_hbac-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libipa_hbac-devel-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libipa_hbac-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-devel-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-python-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-python-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-python-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-debuginfo-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-devel-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_autofs-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_autofs-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_idmap-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_idmap-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_idmap-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_idmap-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_idmap-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_idmap-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_idmap-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_idmap-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_sudo-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_sudo-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_sudo-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_sudo-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_sudo-devel-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_sudo-devel-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-1.0-5.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-1.0-7.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-client-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-client-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-client-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-client-1.0-5.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-client-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-client-1.0-7.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-debuginfo-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-debuginfo-1.0-5.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-debuginfo-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-debuginfo-1.0-7.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-devel-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-devel-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-devel-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-devel-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-devel-1.0-5.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-devel-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-devel-1.0-7.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-devel-docs-1.0-5.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-devel-docs-1.0-1.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-devel-docs-1.0-7.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"pyldb-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"pyldb-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-client-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-client-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-common-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-common-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-dc-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-dc-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-debuginfo-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-devel-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-devel-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-devel-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-libs-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_2")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-python-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-python-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-test-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-test-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"sssd-client-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"sssd-client-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"sssd-client-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-client-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-client-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-client-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"sssd-debuginfo-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"sssd-debuginfo-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"sssd-debuginfo-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-debuginfo-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-debuginfo-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-debuginfo-1.9.2-129.el6_5.7")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-tools-1.9.2-82.12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-tools-1.5.1-66.el6_2.5")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-tools-1.9.2-129.el6_5.7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evolution-mapi / evolution-mapi-debuginfo / evolution-mapi-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1028-1.NASL
    descriptionsamba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-01
    modified2020-06-02
    plugin id90536
    published2016-04-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90536
    titleSUSE SLES11 Security Update : samba (SUSE-SU-2016:1028-1) (Badlock)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1028-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90536);
      script_version("2.15");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118");
    
      script_name(english:"SUSE SLES11 Security Update : samba (SUSE-SU-2016:1028-1) (Badlock)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "samba was updated to fix seven security issues.
    
    These security issues were fixed :
    
      - CVE-2015-5370: DCERPC server and client were vulnerable
        to DOS and MITM attacks (bsc#936862).
    
      - CVE-2016-2110: A man-in-the-middle could have downgraded
        NTLMSSP authentication (bsc#973031).
    
      - CVE-2016-2111: Domain controller netlogon member
        computer could have been spoofed (bsc#973032).
    
      - CVE-2016-2112: LDAP conenctions were vulnerable to
        downgrade and MITM attack (bsc#973033).
    
      - CVE-2016-2113: TLS certificate validation were missing
        (bsc#973034).
    
      - CVE-2016-2115: Named pipe IPC were vulnerable to MITM
        attacks (bsc#973036).
    
      - CVE-2016-2118: 'Badlock' DCERPC impersonation of
        authenticated account were possible (bsc#971965).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=967017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971965"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5370/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2110/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2111/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2113/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2115/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2118/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161028-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?511357b8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP2-LTSS :
    
    zypper in -t patch slessp2-samba-12508=1
    
    SUSE Linux Enterprise Debuginfo 11-SP2 :
    
    zypper in -t patch dbgsp2-samba-12508=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ldapsmb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libldb1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtalloc2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtdb1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-krb-printing");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libsmbclient0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libtalloc2-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libtdb1-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libtevent0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libwbclient0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"samba-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"samba-client-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"samba-winbind-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libsmbclient0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libtalloc2-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libtdb1-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libtevent0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libwbclient0-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"samba-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"samba-client-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"samba-winbind-32bit-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"ldapsmb-1.34b-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libldb1-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libsmbclient0-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libtalloc2-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libtdb1-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libtevent0-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"libwbclient0-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"samba-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"samba-client-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"samba-krb-printing-3.6.3-52.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"samba-winbind-3.6.3-52.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0621.NASL
    descriptionFrom Red Hat Security Advisory 2016:0621 : An update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5. The CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. Customers are advised to use the
    last seen2020-06-01
    modified2020-06-02
    plugin id90489
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90489
    titleOracle Linux 5 : samba (ELSA-2016-0621) (Badlock)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0621 and 
    # Oracle Linux Security Advisory ELSA-2016-0621 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90489);
      script_version("2.16");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2118");
      script_xref(name:"RHSA", value:"2016:0621");
    
      script_name(english:"Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0621 :
    
    An update for samba is now available for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    [Updated 14 April 2016] This advisory previously incorrectly listed
    the CVE-2016-2112 issue as addressed by this update. However, this
    issue did not affect the samba packages on Red Hat Enterprise Linux 5.
    The CVE-2016-2115 was also incorrectly listed as addressed by this
    update. This issue does affect the samba packages on Red Hat
    Enterprise Linux 5. Customers are advised to use the 'client signing =
    required' configuration option in the smb.conf file to mitigate
    CVE-2016-2115. No changes have been made to the packages.
    
    Samba is an open source implementation of the Server Message Block
    (SMB) protocol and the related Common Internet File System (CIFS)
    protocol, which allow PC-compatible machines to share files, printers,
    and various information.
    
    Security Fix(es) :
    
    * A protocol flaw, publicly referred to as Badlock, was found in the
    Security Account Manager Remote Protocol (MS-SAMR) and the Local
    Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any
    authenticated DCE/RPC connection that a client initiates against a
    server could be used by a man-in-the-middle attacker to impersonate
    the authenticated user against the SAMR or LSA service on the server.
    As a result, the attacker would be able to get read/write access to
    the Security Account Manager database, and use this to reveal all
    passwords or any other potentially sensitive information in that
    database. (CVE-2016-2118)
    
    * Several flaws were found in Samba's implementation of NTLMSSP
    authentication. An unauthenticated, man-in-the-middle attacker could
    use this flaw to clear the encryption and integrity flags of a
    connection, causing data to be transmitted in plain text. The attacker
    could also force the client or server into sending data in plain text
    even if encryption was explicitly requested for that connection.
    (CVE-2016-2110)
    
    * It was discovered that Samba configured as a Domain Controller would
    establish a secure communication channel with a machine using a
    spoofed computer name. A remote attacker able to observe network
    traffic could use this flaw to obtain session-related information
    about the spoofed machine. (CVE-2016-2111)
    
    Red Hat would like to thank the Samba project for reporting these
    issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the
    original reporter of CVE-2016-2118 and CVE-2016-2110."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005950.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected samba packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"libsmbclient-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"libsmbclient-devel-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"samba-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"samba-client-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"samba-common-3.0.33-3.41.el5_11")) flag++;
    if (rpm_check(release:"EL5", reference:"samba-swat-3.0.33-3.41.el5_11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1022-1.NASL
    descriptionSamba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709). These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-01
    modified2020-06-02
    plugin id90532
    published2016-04-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90532
    titleSUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0624.NASL
    descriptionAn update for samba3x is now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90500
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90500
    titleRHEL 5 : samba3x (RHSA-2016:0624) (Badlock)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3548.NASL
    descriptionSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks. - CVE-2016-2110 Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks. - CVE-2016-2111 When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel
    last seen2020-06-01
    modified2020-06-02
    plugin id90515
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90515
    titleDebian DSA-3548-1 : samba - security update (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0623.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 13 April 2016] This advisory previously incorrectly listed the CVE-2015-5370 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. No changes have been made to the packages. [Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are advised to use the
    last seen2020-06-01
    modified2020-06-02
    plugin id90499
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90499
    titleRHEL 5 : samba (RHSA-2016:0623) (Badlock)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL53313971.NASL
    descriptionCVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. CVE-2016-2115 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
    last seen2020-06-01
    modified2020-06-02
    plugin id93202
    published2016-08-30
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93202
    titleF5 Networks BIG-IP : Samba vulnerabilities (K53313971)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-BE53260726.NASL
    descriptionSecurity fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-04-14
    plugin id90519
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90519
    titleFedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0611.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90449
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90449
    titleCentOS 6 : samba (CESA-2016:0611) (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0613.NASL
    descriptionAn update for samba3x is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90493
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90493
    titleRHEL 5 : samba3x (RHSA-2016:0613) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1024-1.NASL
    descriptionsamba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-01
    modified2020-06-02
    plugin id90534
    published2016-04-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90534
    titleSUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1023-1.NASL
    descriptionsamba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-01
    modified2020-06-02
    plugin id90533
    published2016-04-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90533
    titleSUSE SLES11 Security Update : samba (SUSE-SU-2016:1023-1) (Badlock)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160412_SAMBA_AND_SAMBA4_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - Multiple flaws were found in Samba
    last seen2020-03-18
    modified2016-04-13
    plugin id90502
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90502
    titleScientific Linux Security Update : samba and samba4 on SL6.x, SL7.x i386/x86_64 (20160412) (Badlock)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0612.NASL
    descriptionFrom Red Hat Security Advisory 2016:0612 : An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90487
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90487
    titleOracle Linux 6 / 7 : samba / samba4 (ELSA-2016-0612) (Badlock)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-106-02.NASL
    descriptionNew samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90548
    published2016-04-18
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90548
    titleSlackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-462.NASL
    descriptionsamba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-05
    modified2016-04-18
    plugin id90558
    published2016-04-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90558
    titleopenSUSE Security Update : samba (openSUSE-2016-462) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-490.NASL
    descriptionThis update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114:
    last seen2020-06-05
    modified2016-04-21
    plugin id90609
    published2016-04-21
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90609
    titleopenSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-453.NASL
    descriptionsamba was updated to fix seven security issues. These security issues were fixed : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118:
    last seen2020-06-05
    modified2016-04-14
    plugin id90522
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90522
    titleopenSUSE Security Update : samba (openSUSE-2016-453) (Badlock)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-686.NASL
    descriptionMultiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90514
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90514
    titleAmazon Linux AMI : samba (ALAS-2016-686) (Badlock)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-48B3761BAA.NASL
    descriptionSecurity fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-04-14
    plugin id90516
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90516
    titleFedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0618.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90495
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90495
    titleRHEL 7 : samba (RHSA-2016:0618) (Badlock)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2950-1.NASL
    descriptionJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90588
    published2016-04-19
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90588
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201612-47.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201612-47 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, conduct a man-in-the-middle attack, obtain sensitive information, or bypass file permissions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96127
    published2016-12-27
    reporterThis script is Copyright (C) 2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96127
    titleGLSA-201612-47 : Samba: Multiple vulnerabilities (Badlock)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A636FC2600D911E6B704000C292E4FD8.NASL
    descriptionSamba team reports : [CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. [CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. [CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel
    last seen2020-06-01
    modified2020-06-02
    plugin id90474
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90474
    titleFreeBSD : samba -- multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)
  • NASL familyMisc.
    NASL idSAMBA_4_3_7.NASL
    descriptionThe version of Samba running on the remote host is 3.x or 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370) - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110) - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel
    last seen2020-06-01
    modified2020-06-02
    plugin id90508
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90508
    titleSamba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0611.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90491
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90491
    titleRHEL 6 : samba (RHSA-2016:0611) (Badlock)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0613.NASL
    descriptionFrom Red Hat Security Advisory 2016:0613 : An update for samba3x is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90488
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90488
    titleOracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0612.NASL
    descriptionAn update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90450
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90450
    titleCentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612) (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0614.NASL
    descriptionAn update for samba is now available for Red Hat Gluster Storage 3.1 for RHEL 6 and Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90530
    published2016-04-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90530
    titleRHEL 6 / 7 : Storage Server (RHSA-2016:0614) (Badlock)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2950-4.NASL
    descriptionUSN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the
    last seen2020-06-01
    modified2020-06-02
    plugin id91256
    published2016-05-19
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91256
    titleUbuntu 12.04 LTS : samba regressions (USN-2950-4) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-659.NASL
    descriptionThis update for samba fixes the following issues including some regressions from the BADLOCK security update : - libads: record session expiry for spnego sasl binds; (bso#11852); (boo#979268). - fix NT_STATUS_ACCESS_DENIED when accessing windows public share; (bso#11841). - Only validate MIC if
    last seen2020-06-05
    modified2016-06-01
    plugin id91406
    published2016-06-01
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91406
    titleopenSUSE Security Update : samba (openSUSE-2016-659)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0619.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90496
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90496
    titleRHEL 6 : samba (RHSA-2016:0619) (Badlock)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160412_SAMBA3X_ON_SL5_X.NASL
    descriptionSecurity Fix(es) : - Multiple flaws were found in Samba
    last seen2020-03-18
    modified2016-04-13
    plugin id90501
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90501
    titleScientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1105-1.NASL
    descriptionSamba was updated to fix three security issues. These security issues were fixed : CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bso#11688, bsc#973031). CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bso#11749, bsc#973032). CVE-2015-5252: Insufficient symlink verification (allowed file access outside the share) (bso#11395, bnc#958582). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90623
    published2016-04-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90623
    titleSUSE SLES10 Security Update : samba (SUSE-SU-2016:1105-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0621.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5. The CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. Customers are advised to use the
    last seen2020-06-01
    modified2020-06-02
    plugin id90498
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90498
    titleRHEL 5 : samba (RHSA-2016:0621) (Badlock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0621.NASL
    descriptionAn update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5. The CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. Customers are advised to use the
    last seen2020-06-01
    modified2020-06-02
    plugin id90452
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90452
    titleCentOS 5 : samba (CESA-2016:0621) (Badlock)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2950-5.NASL
    descriptionUSN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91333
    published2016-05-26
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91333
    titleUbuntu 14.04 LTS / 15.10 / 16.04 LTS : samba regression (USN-2950-5) (Badlock)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2950-3.NASL
    descriptionUSN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90915
    published2016-05-05
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90915
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : samba regressions (USN-2950-3) (Badlock)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0612.NASL
    descriptionAn update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90492
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90492
    titleRHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2950-2.NASL
    descriptionUSN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90824
    published2016-05-02
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90824
    titleUbuntu 14.04 LTS / 15.10 / 16.04 LTS : libsoup2.4 update (USN-2950-2) (Badlock)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0611.NASL
    descriptionFrom Red Hat Security Advisory 2016:0611 : An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90486
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90486
    titleOracle Linux 6 : samba (ELSA-2016-0611) (Badlock)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-383FCE04E2.NASL
    descriptionSecurity fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-04-22
    plugin id90646
    published2016-04-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90646
    titleFedora 24 : samba-4.4.2-1.fc24 (2016-383fce04e2) (Badlock)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0613.NASL
    descriptionAn update for samba3x is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix(es) : * Multiple flaws were found in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id90451
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90451
    titleCentOS 5 : samba3x (CESA-2016:0613) (Badlock)

Redhat

advisories
  • rhsa
    idRHSA-2016:0611
  • rhsa
    idRHSA-2016:0612
  • rhsa
    idRHSA-2016:0613
  • rhsa
    idRHSA-2016:0614
  • rhsa
    idRHSA-2016:0618
  • rhsa
    idRHSA-2016:0619
  • rhsa
    idRHSA-2016:0620
  • rhsa
    idRHSA-2016:0621
  • rhsa
    idRHSA-2016:0623
  • rhsa
    idRHSA-2016:0624
  • rhsa
    idRHSA-2016:0625
rpms
  • libsmbclient-0:3.6.23-30.el6_7
  • libsmbclient-devel-0:3.6.23-30.el6_7
  • samba-0:3.6.23-30.el6_7
  • samba-client-0:3.6.23-30.el6_7
  • samba-common-0:3.6.23-30.el6_7
  • samba-debuginfo-0:3.6.23-30.el6_7
  • samba-doc-0:3.6.23-30.el6_7
  • samba-domainjoin-gui-0:3.6.23-30.el6_7
  • samba-glusterfs-0:3.6.23-30.el6_7
  • samba-swat-0:3.6.23-30.el6_7
  • samba-winbind-0:3.6.23-30.el6_7
  • samba-winbind-clients-0:3.6.23-30.el6_7
  • samba-winbind-devel-0:3.6.23-30.el6_7
  • samba-winbind-krb5-locator-0:3.6.23-30.el6_7
  • ctdb-0:4.2.10-6.el7_2
  • ctdb-devel-0:4.2.10-6.el7_2
  • ctdb-tests-0:4.2.10-6.el7_2
  • ipa-admintools-0:3.0.0-47.el6_7.2
  • ipa-admintools-0:4.2.0-15.el7_2.6.1
  • ipa-client-0:3.0.0-47.el6_7.2
  • ipa-client-0:4.2.0-15.el7_2.6.1
  • ipa-debuginfo-0:3.0.0-47.el6_7.2
  • ipa-debuginfo-0:4.2.0-15.el7_2.6.1
  • ipa-python-0:3.0.0-47.el6_7.2
  • ipa-python-0:4.2.0-15.el7_2.6.1
  • ipa-server-0:3.0.0-47.el6_7.2
  • ipa-server-0:4.2.0-15.el7_2.6.1
  • ipa-server-dns-0:4.2.0-15.el7_2.6.1
  • ipa-server-selinux-0:3.0.0-47.el6_7.2
  • ipa-server-trust-ad-0:3.0.0-47.el6_7.2
  • ipa-server-trust-ad-0:4.2.0-15.el7_2.6.1
  • ldb-tools-0:1.1.25-1.el7_2
  • ldb-tools-0:1.1.25-2.el6_7
  • libldb-0:1.1.25-1.el7_2
  • libldb-0:1.1.25-2.el6_7
  • libldb-debuginfo-0:1.1.25-1.el7_2
  • libldb-debuginfo-0:1.1.25-2.el6_7
  • libldb-devel-0:1.1.25-1.el7_2
  • libldb-devel-0:1.1.25-2.el6_7
  • libsmbclient-0:4.2.10-6.el7_2
  • libsmbclient-devel-0:4.2.10-6.el7_2
  • libtalloc-0:2.1.5-1.el6_7
  • libtalloc-0:2.1.5-1.el7_2
  • libtalloc-debuginfo-0:2.1.5-1.el6_7
  • libtalloc-debuginfo-0:2.1.5-1.el7_2
  • libtalloc-devel-0:2.1.5-1.el6_7
  • libtalloc-devel-0:2.1.5-1.el7_2
  • libtdb-0:1.3.8-1.el6_7
  • libtdb-0:1.3.8-1.el7_2
  • libtdb-debuginfo-0:1.3.8-1.el6_7
  • libtdb-debuginfo-0:1.3.8-1.el7_2
  • libtdb-devel-0:1.3.8-1.el6_7
  • libtdb-devel-0:1.3.8-1.el7_2
  • libtevent-0:0.9.26-1.el7_2
  • libtevent-0:0.9.26-2.el6_7
  • libtevent-debuginfo-0:0.9.26-1.el7_2
  • libtevent-debuginfo-0:0.9.26-2.el6_7
  • libtevent-devel-0:0.9.26-1.el7_2
  • libtevent-devel-0:0.9.26-2.el6_7
  • libwbclient-0:4.2.10-6.el7_2
  • libwbclient-devel-0:4.2.10-6.el7_2
  • openchange-0:1.0-7.el6_7
  • openchange-0:2.0-10.el7_2
  • openchange-client-0:1.0-7.el6_7
  • openchange-client-0:2.0-10.el7_2
  • openchange-debuginfo-0:1.0-7.el6_7
  • openchange-debuginfo-0:2.0-10.el7_2
  • openchange-devel-0:1.0-7.el6_7
  • openchange-devel-0:2.0-10.el7_2
  • openchange-devel-docs-0:1.0-7.el6_7
  • openchange-devel-docs-0:2.0-10.el7_2
  • pyldb-0:1.1.25-1.el7_2
  • pyldb-0:1.1.25-2.el6_7
  • pyldb-devel-0:1.1.25-1.el7_2
  • pyldb-devel-0:1.1.25-2.el6_7
  • pytalloc-0:2.1.5-1.el6_7
  • pytalloc-0:2.1.5-1.el7_2
  • pytalloc-devel-0:2.1.5-1.el6_7
  • pytalloc-devel-0:2.1.5-1.el7_2
  • python-tdb-0:1.3.8-1.el6_7
  • python-tdb-0:1.3.8-1.el7_2
  • python-tevent-0:0.9.26-1.el7_2
  • python-tevent-0:0.9.26-2.el6_7
  • samba-0:4.2.10-6.el7_2
  • samba-client-0:4.2.10-6.el7_2
  • samba-client-libs-0:4.2.10-6.el7_2
  • samba-common-0:4.2.10-6.el7_2
  • samba-common-libs-0:4.2.10-6.el7_2
  • samba-common-tools-0:4.2.10-6.el7_2
  • samba-dc-0:4.2.10-6.el7_2
  • samba-dc-libs-0:4.2.10-6.el7_2
  • samba-debuginfo-0:4.2.10-6.el7_2
  • samba-devel-0:4.2.10-6.el7_2
  • samba-libs-0:4.2.10-6.el7_2
  • samba-pidl-0:4.2.10-6.el7_2
  • samba-python-0:4.2.10-6.el7_2
  • samba-test-0:4.2.10-6.el7_2
  • samba-test-devel-0:4.2.10-6.el7_2
  • samba-test-libs-0:4.2.10-6.el7_2
  • samba-vfs-glusterfs-0:4.2.10-6.el7_2
  • samba-winbind-0:4.2.10-6.el7_2
  • samba-winbind-clients-0:4.2.10-6.el7_2
  • samba-winbind-krb5-locator-0:4.2.10-6.el7_2
  • samba-winbind-modules-0:4.2.10-6.el7_2
  • samba4-0:4.2.10-6.el6_7
  • samba4-client-0:4.2.10-6.el6_7
  • samba4-common-0:4.2.10-6.el6_7
  • samba4-dc-0:4.2.10-6.el6_7
  • samba4-dc-libs-0:4.2.10-6.el6_7
  • samba4-debuginfo-0:4.2.10-6.el6_7
  • samba4-devel-0:4.2.10-6.el6_7
  • samba4-libs-0:4.2.10-6.el6_7
  • samba4-pidl-0:4.2.10-6.el6_7
  • samba4-python-0:4.2.10-6.el6_7
  • samba4-test-0:4.2.10-6.el6_7
  • samba4-winbind-0:4.2.10-6.el6_7
  • samba4-winbind-clients-0:4.2.10-6.el6_7
  • samba4-winbind-krb5-locator-0:4.2.10-6.el6_7
  • tdb-tools-0:1.3.8-1.el6_7
  • tdb-tools-0:1.3.8-1.el7_2
  • samba3x-0:3.6.23-12.el5_11
  • samba3x-client-0:3.6.23-12.el5_11
  • samba3x-common-0:3.6.23-12.el5_11
  • samba3x-debuginfo-0:3.6.23-12.el5_11
  • samba3x-doc-0:3.6.23-12.el5_11
  • samba3x-domainjoin-gui-0:3.6.23-12.el5_11
  • samba3x-swat-0:3.6.23-12.el5_11
  • samba3x-winbind-0:3.6.23-12.el5_11
  • samba3x-winbind-devel-0:3.6.23-12.el5_11
  • ctdb-0:4.2.11-2.el6rhs
  • ctdb-0:4.2.11-2.el7rhgs
  • ctdb-devel-0:4.2.11-2.el6rhs
  • ctdb-devel-0:4.2.11-2.el7rhgs
  • ctdb-tests-0:4.2.11-2.el6rhs
  • ctdb-tests-0:4.2.11-2.el7rhgs
  • ldb-tools-0:1.1.24-1.el6rhs
  • ldb-tools-0:1.1.24-1.el7rhgs
  • libldb-0:1.1.24-1.el6rhs
  • libldb-0:1.1.24-1.el7rhgs
  • libldb-debuginfo-0:1.1.24-1.el6rhs
  • libldb-debuginfo-0:1.1.24-1.el7rhgs
  • libldb-devel-0:1.1.24-1.el6rhs
  • libldb-devel-0:1.1.24-1.el7rhgs
  • libsmbclient-0:4.2.11-2.el6rhs
  • libsmbclient-0:4.2.11-2.el7rhgs
  • libsmbclient-devel-0:4.2.11-2.el6rhs
  • libsmbclient-devel-0:4.2.11-2.el7rhgs
  • libtalloc-0:2.1.5-1.el6rhs
  • libtalloc-0:2.1.5-1.el7rhgs
  • libtalloc-debuginfo-0:2.1.5-1.el6rhs
  • libtalloc-debuginfo-0:2.1.5-1.el7rhgs
  • libtalloc-devel-0:2.1.5-1.el6rhs
  • libtalloc-devel-0:2.1.5-1.el7rhgs
  • libtdb-0:1.3.8-1.el6rhs
  • libtdb-0:1.3.8-1.el7rhgs
  • libtdb-debuginfo-0:1.3.8-1.el6rhs
  • libtdb-debuginfo-0:1.3.8-1.el7rhgs
  • libtdb-devel-0:1.3.8-1.el6rhs
  • libtdb-devel-0:1.3.8-1.el7rhgs
  • libtevent-0:0.9.26-1.el6rhs
  • libtevent-0:0.9.26-1.el7rhgs
  • libtevent-debuginfo-0:0.9.26-1.el6rhs
  • libtevent-debuginfo-0:0.9.26-1.el7rhgs
  • libtevent-devel-0:0.9.26-1.el6rhs
  • libtevent-devel-0:0.9.26-1.el7rhgs
  • libwbclient-0:4.2.11-2.el6rhs
  • libwbclient-0:4.2.11-2.el7rhgs
  • libwbclient-devel-0:4.2.11-2.el6rhs
  • libwbclient-devel-0:4.2.11-2.el7rhgs
  • pyldb-0:1.1.24-1.el6rhs
  • pyldb-0:1.1.24-1.el7rhgs
  • pyldb-devel-0:1.1.24-1.el6rhs
  • pyldb-devel-0:1.1.24-1.el7rhgs
  • pytalloc-0:2.1.5-1.el6rhs
  • pytalloc-0:2.1.5-1.el7rhgs
  • pytalloc-devel-0:2.1.5-1.el6rhs
  • pytalloc-devel-0:2.1.5-1.el7rhgs
  • python-tdb-0:1.3.8-1.el6rhs
  • python-tdb-0:1.3.8-1.el7rhgs
  • python-tevent-0:0.9.26-1.el6rhs
  • python-tevent-0:0.9.26-1.el7rhgs
  • samba-0:4.2.11-2.el6rhs
  • samba-0:4.2.11-2.el7rhgs
  • samba-client-0:4.2.11-2.el6rhs
  • samba-client-0:4.2.11-2.el7rhgs
  • samba-client-libs-0:4.2.11-2.el6rhs
  • samba-client-libs-0:4.2.11-2.el7rhgs
  • samba-common-0:4.2.11-2.el6rhs
  • samba-common-0:4.2.11-2.el7rhgs
  • samba-common-libs-0:4.2.11-2.el6rhs
  • samba-common-libs-0:4.2.11-2.el7rhgs
  • samba-common-tools-0:4.2.11-2.el6rhs
  • samba-common-tools-0:4.2.11-2.el7rhgs
  • samba-dc-0:4.2.11-2.el6rhs
  • samba-dc-0:4.2.11-2.el7rhgs
  • samba-dc-libs-0:4.2.11-2.el6rhs
  • samba-dc-libs-0:4.2.11-2.el7rhgs
  • samba-debuginfo-0:4.2.11-2.el6rhs
  • samba-debuginfo-0:4.2.11-2.el7rhgs
  • samba-devel-0:4.2.11-2.el6rhs
  • samba-devel-0:4.2.11-2.el7rhgs
  • samba-libs-0:4.2.11-2.el6rhs
  • samba-libs-0:4.2.11-2.el7rhgs
  • samba-pidl-0:4.2.11-2.el6rhs
  • samba-pidl-0:4.2.11-2.el7rhgs
  • samba-python-0:4.2.11-2.el6rhs
  • samba-python-0:4.2.11-2.el7rhgs
  • samba-test-0:4.2.11-2.el6rhs
  • samba-test-0:4.2.11-2.el7rhgs
  • samba-test-devel-0:4.2.11-2.el6rhs
  • samba-test-devel-0:4.2.11-2.el7rhgs
  • samba-test-libs-0:4.2.11-2.el6rhs
  • samba-test-libs-0:4.2.11-2.el7rhgs
  • samba-vfs-glusterfs-0:4.2.11-2.el6rhs
  • samba-vfs-glusterfs-0:4.2.11-2.el7rhgs
  • samba-winbind-0:4.2.11-2.el6rhs
  • samba-winbind-0:4.2.11-2.el7rhgs
  • samba-winbind-clients-0:4.2.11-2.el6rhs
  • samba-winbind-clients-0:4.2.11-2.el7rhgs
  • samba-winbind-krb5-locator-0:4.2.11-2.el6rhs
  • samba-winbind-krb5-locator-0:4.2.11-2.el7rhgs
  • samba-winbind-modules-0:4.2.11-2.el6rhs
  • samba-winbind-modules-0:4.2.11-2.el7rhgs
  • tdb-tools-0:1.3.8-1.el6rhs
  • tdb-tools-0:1.3.8-1.el7rhgs
  • ctdb-0:4.2.10-5.ael7b_1
  • ctdb-0:4.2.10-5.el7_1
  • ctdb-devel-0:4.2.10-5.ael7b_1
  • ctdb-devel-0:4.2.10-5.el7_1
  • ctdb-tests-0:4.2.10-5.ael7b_1
  • ctdb-tests-0:4.2.10-5.el7_1
  • ipa-admintools-0:4.1.0-18.ael7b_1.6
  • ipa-admintools-0:4.1.0-18.el7_1.6
  • ipa-client-0:4.1.0-18.ael7b_1.6
  • ipa-client-0:4.1.0-18.el7_1.6
  • ipa-debuginfo-0:4.1.0-18.ael7b_1.6
  • ipa-debuginfo-0:4.1.0-18.el7_1.6
  • ipa-python-0:4.1.0-18.ael7b_1.6
  • ipa-python-0:4.1.0-18.el7_1.6
  • ipa-server-0:4.1.0-18.el7_1.6
  • ipa-server-trust-ad-0:4.1.0-18.el7_1.6
  • ldb-tools-0:1.1.25-1.ael7b_1
  • ldb-tools-0:1.1.25-1.el7_1
  • libldb-0:1.1.25-1.ael7b_1
  • libldb-0:1.1.25-1.el7_1
  • libldb-debuginfo-0:1.1.25-1.ael7b_1
  • libldb-debuginfo-0:1.1.25-1.el7_1
  • libldb-devel-0:1.1.25-1.ael7b_1
  • libldb-devel-0:1.1.25-1.el7_1
  • libsmbclient-0:4.2.10-5.ael7b_1
  • libsmbclient-0:4.2.10-5.el7_1
  • libsmbclient-devel-0:4.2.10-5.ael7b_1
  • libsmbclient-devel-0:4.2.10-5.el7_1
  • libtalloc-0:2.1.5-1.ael7b_1
  • libtalloc-0:2.1.5-1.el7_1
  • libtalloc-debuginfo-0:2.1.5-1.ael7b_1
  • libtalloc-debuginfo-0:2.1.5-1.el7_1
  • libtalloc-devel-0:2.1.5-1.ael7b_1
  • libtalloc-devel-0:2.1.5-1.el7_1
  • libtdb-0:1.3.8-1.ael7b_1
  • libtdb-0:1.3.8-1.el7_1
  • libtdb-debuginfo-0:1.3.8-1.ael7b_1
  • libtdb-debuginfo-0:1.3.8-1.el7_1
  • libtdb-devel-0:1.3.8-1.ael7b_1
  • libtdb-devel-0:1.3.8-1.el7_1
  • libtevent-0:0.9.26-1.ael7b_1
  • libtevent-0:0.9.26-1.el7_1
  • libtevent-debuginfo-0:0.9.26-1.ael7b_1
  • libtevent-debuginfo-0:0.9.26-1.el7_1
  • libtevent-devel-0:0.9.26-1.ael7b_1
  • libtevent-devel-0:0.9.26-1.el7_1
  • libwbclient-0:4.2.10-5.ael7b_1
  • libwbclient-0:4.2.10-5.el7_1
  • libwbclient-devel-0:4.2.10-5.ael7b_1
  • libwbclient-devel-0:4.2.10-5.el7_1
  • openchange-0:2.0-4.ael7b_1.1
  • openchange-0:2.0-4.el7_1.1
  • openchange-client-0:2.0-4.ael7b_1.1
  • openchange-client-0:2.0-4.el7_1.1
  • openchange-debuginfo-0:2.0-4.ael7b_1.1
  • openchange-debuginfo-0:2.0-4.el7_1.1
  • openchange-devel-0:2.0-4.ael7b_1.1
  • openchange-devel-0:2.0-4.el7_1.1
  • openchange-devel-docs-0:2.0-4.ael7b_1.1
  • openchange-devel-docs-0:2.0-4.el7_1.1
  • pyldb-0:1.1.25-1.ael7b_1
  • pyldb-0:1.1.25-1.el7_1
  • pyldb-devel-0:1.1.25-1.ael7b_1
  • pyldb-devel-0:1.1.25-1.el7_1
  • pytalloc-0:2.1.5-1.ael7b_1
  • pytalloc-0:2.1.5-1.el7_1
  • pytalloc-devel-0:2.1.5-1.ael7b_1
  • pytalloc-devel-0:2.1.5-1.el7_1
  • python-tdb-0:1.3.8-1.ael7b_1
  • python-tdb-0:1.3.8-1.el7_1
  • python-tevent-0:0.9.26-1.ael7b_1
  • python-tevent-0:0.9.26-1.el7_1
  • samba-0:4.2.10-5.ael7b_1
  • samba-0:4.2.10-5.el7_1
  • samba-client-0:4.2.10-5.ael7b_1
  • samba-client-0:4.2.10-5.el7_1
  • samba-client-libs-0:4.2.10-5.ael7b_1
  • samba-client-libs-0:4.2.10-5.el7_1
  • samba-common-0:4.2.10-5.ael7b_1
  • samba-common-0:4.2.10-5.el7_1
  • samba-common-libs-0:4.2.10-5.ael7b_1
  • samba-common-libs-0:4.2.10-5.el7_1
  • samba-common-tools-0:4.2.10-5.ael7b_1
  • samba-common-tools-0:4.2.10-5.el7_1
  • samba-dc-0:4.2.10-5.ael7b_1
  • samba-dc-0:4.2.10-5.el7_1
  • samba-dc-libs-0:4.2.10-5.ael7b_1
  • samba-dc-libs-0:4.2.10-5.el7_1
  • samba-debuginfo-0:4.2.10-5.ael7b_1
  • samba-debuginfo-0:4.2.10-5.el7_1
  • samba-devel-0:4.2.10-5.ael7b_1
  • samba-devel-0:4.2.10-5.el7_1
  • samba-libs-0:4.2.10-5.ael7b_1
  • samba-libs-0:4.2.10-5.el7_1
  • samba-pidl-0:4.2.10-5.ael7b_1
  • samba-pidl-0:4.2.10-5.el7_1
  • samba-python-0:4.2.10-5.ael7b_1
  • samba-python-0:4.2.10-5.el7_1
  • samba-test-0:4.2.10-5.ael7b_1
  • samba-test-0:4.2.10-5.el7_1
  • samba-test-devel-0:4.2.10-5.ael7b_1
  • samba-test-devel-0:4.2.10-5.el7_1
  • samba-test-libs-0:4.2.10-5.ael7b_1
  • samba-test-libs-0:4.2.10-5.el7_1
  • samba-vfs-glusterfs-0:4.2.10-5.el7_1
  • samba-winbind-0:4.2.10-5.ael7b_1
  • samba-winbind-0:4.2.10-5.el7_1
  • samba-winbind-clients-0:4.2.10-5.ael7b_1
  • samba-winbind-clients-0:4.2.10-5.el7_1
  • samba-winbind-krb5-locator-0:4.2.10-5.ael7b_1
  • samba-winbind-krb5-locator-0:4.2.10-5.el7_1
  • samba-winbind-modules-0:4.2.10-5.ael7b_1
  • samba-winbind-modules-0:4.2.10-5.el7_1
  • tdb-tools-0:1.3.8-1.ael7b_1
  • tdb-tools-0:1.3.8-1.el7_1
  • libsmbclient-0:3.6.23-30.el6_2
  • libsmbclient-0:3.6.23-30.el6_4
  • libsmbclient-0:3.6.23-30.el6_5
  • libsmbclient-0:3.6.23-30.el6_6
  • libsmbclient-devel-0:3.6.23-30.el6_2
  • libsmbclient-devel-0:3.6.23-30.el6_4
  • libsmbclient-devel-0:3.6.23-30.el6_5
  • libsmbclient-devel-0:3.6.23-30.el6_6
  • samba-0:3.6.23-30.el6_2
  • samba-0:3.6.23-30.el6_4
  • samba-0:3.6.23-30.el6_5
  • samba-0:3.6.23-30.el6_6
  • samba-client-0:3.6.23-30.el6_2
  • samba-client-0:3.6.23-30.el6_4
  • samba-client-0:3.6.23-30.el6_5
  • samba-client-0:3.6.23-30.el6_6
  • samba-common-0:3.6.23-30.el6_2
  • samba-common-0:3.6.23-30.el6_4
  • samba-common-0:3.6.23-30.el6_5
  • samba-common-0:3.6.23-30.el6_6
  • samba-debuginfo-0:3.6.23-30.el6_2
  • samba-debuginfo-0:3.6.23-30.el6_4
  • samba-debuginfo-0:3.6.23-30.el6_5
  • samba-debuginfo-0:3.6.23-30.el6_6
  • samba-doc-0:3.6.23-30.el6_2
  • samba-doc-0:3.6.23-30.el6_4
  • samba-doc-0:3.6.23-30.el6_5
  • samba-doc-0:3.6.23-30.el6_6
  • samba-domainjoin-gui-0:3.6.23-30.el6_2
  • samba-domainjoin-gui-0:3.6.23-30.el6_4
  • samba-domainjoin-gui-0:3.6.23-30.el6_5
  • samba-domainjoin-gui-0:3.6.23-30.el6_6
  • samba-glusterfs-0:3.6.23-30.el6_6
  • samba-swat-0:3.6.23-30.el6_2
  • samba-swat-0:3.6.23-30.el6_4
  • samba-swat-0:3.6.23-30.el6_5
  • samba-swat-0:3.6.23-30.el6_6
  • samba-winbind-0:3.6.23-30.el6_2
  • samba-winbind-0:3.6.23-30.el6_4
  • samba-winbind-0:3.6.23-30.el6_5
  • samba-winbind-0:3.6.23-30.el6_6
  • samba-winbind-clients-0:3.6.23-30.el6_2
  • samba-winbind-clients-0:3.6.23-30.el6_4
  • samba-winbind-clients-0:3.6.23-30.el6_5
  • samba-winbind-clients-0:3.6.23-30.el6_6
  • samba-winbind-devel-0:3.6.23-30.el6_2
  • samba-winbind-devel-0:3.6.23-30.el6_4
  • samba-winbind-devel-0:3.6.23-30.el6_5
  • samba-winbind-devel-0:3.6.23-30.el6_6
  • samba-winbind-krb5-locator-0:3.6.23-30.el6_2
  • samba-winbind-krb5-locator-0:3.6.23-30.el6_4
  • samba-winbind-krb5-locator-0:3.6.23-30.el6_5
  • samba-winbind-krb5-locator-0:3.6.23-30.el6_6
  • evolution-mapi-0:0.28.3-8.el6_2
  • evolution-mapi-debuginfo-0:0.28.3-8.el6_2
  • evolution-mapi-devel-0:0.28.3-8.el6_2
  • ipa-admintools-0:3.0.0-26.el6_4.5
  • ipa-admintools-0:3.0.0-37.el6_5.1
  • ipa-admintools-0:3.0.0-42.el6_6.1
  • ipa-client-0:3.0.0-26.el6_4.5
  • ipa-client-0:3.0.0-37.el6_5.1
  • ipa-client-0:3.0.0-42.el6_6.1
  • ipa-debuginfo-0:3.0.0-26.el6_4.5
  • ipa-debuginfo-0:3.0.0-37.el6_5.1
  • ipa-debuginfo-0:3.0.0-42.el6_6.1
  • ipa-python-0:3.0.0-26.el6_4.5
  • ipa-python-0:3.0.0-37.el6_5.1
  • ipa-python-0:3.0.0-42.el6_6.1
  • ipa-server-0:3.0.0-26.el6_4.5
  • ipa-server-0:3.0.0-37.el6_5.1
  • ipa-server-0:3.0.0-42.el6_6.1
  • ipa-server-selinux-0:3.0.0-26.el6_4.5
  • ipa-server-selinux-0:3.0.0-37.el6_5.1
  • ipa-server-selinux-0:3.0.0-42.el6_6.1
  • ipa-server-trust-ad-0:3.0.0-26.el6_4.5
  • ipa-server-trust-ad-0:3.0.0-37.el6_5.1
  • ipa-server-trust-ad-0:3.0.0-42.el6_6.1
  • ldb-tools-0:1.1.25-2.el6_2
  • ldb-tools-0:1.1.25-2.el6_4
  • ldb-tools-0:1.1.25-2.el6_5
  • ldb-tools-0:1.1.25-2.el6_6
  • libipa_hbac-0:1.5.1-66.el6_2.5
  • libipa_hbac-0:1.9.2-129.el6_5.7
  • libipa_hbac-0:1.9.2-82.12.el6_4
  • libipa_hbac-devel-0:1.5.1-66.el6_2.5
  • libipa_hbac-devel-0:1.9.2-129.el6_5.7
  • libipa_hbac-devel-0:1.9.2-82.12.el6_4
  • libipa_hbac-python-0:1.5.1-66.el6_2.5
  • libipa_hbac-python-0:1.9.2-129.el6_5.7
  • libipa_hbac-python-0:1.9.2-82.12.el6_4
  • libldb-0:1.1.25-2.el6_2
  • libldb-0:1.1.25-2.el6_4
  • libldb-0:1.1.25-2.el6_5
  • libldb-0:1.1.25-2.el6_6
  • libldb-debuginfo-0:1.1.25-2.el6_2
  • libldb-debuginfo-0:1.1.25-2.el6_4
  • libldb-debuginfo-0:1.1.25-2.el6_5
  • libldb-debuginfo-0:1.1.25-2.el6_6
  • libldb-devel-0:1.1.25-2.el6_2
  • libldb-devel-0:1.1.25-2.el6_4
  • libldb-devel-0:1.1.25-2.el6_5
  • libldb-devel-0:1.1.25-2.el6_6
  • libsss_autofs-0:1.9.2-129.el6_5.7
  • libsss_autofs-0:1.9.2-82.12.el6_4
  • libsss_idmap-0:1.9.2-129.el6_5.7
  • libsss_idmap-0:1.9.2-82.12.el6_4
  • libsss_idmap-devel-0:1.9.2-129.el6_5.7
  • libsss_idmap-devel-0:1.9.2-82.12.el6_4
  • libsss_sudo-0:1.9.2-129.el6_5.7
  • libsss_sudo-0:1.9.2-82.12.el6_4
  • libsss_sudo-devel-0:1.9.2-129.el6_5.7
  • libsss_sudo-devel-0:1.9.2-82.12.el6_4
  • openchange-0:1.0-1.el6_2
  • openchange-0:1.0-5.el6_4
  • openchange-0:1.0-7.el6_5
  • openchange-0:1.0-7.el6_6
  • openchange-client-0:1.0-1.el6_2
  • openchange-client-0:1.0-5.el6_4
  • openchange-client-0:1.0-7.el6_5
  • openchange-client-0:1.0-7.el6_6
  • openchange-debuginfo-0:1.0-1.el6_2
  • openchange-debuginfo-0:1.0-5.el6_4
  • openchange-debuginfo-0:1.0-7.el6_5
  • openchange-debuginfo-0:1.0-7.el6_6
  • openchange-devel-0:1.0-1.el6_2
  • openchange-devel-0:1.0-5.el6_4
  • openchange-devel-0:1.0-7.el6_5
  • openchange-devel-0:1.0-7.el6_6
  • openchange-devel-docs-0:1.0-1.el6_2
  • openchange-devel-docs-0:1.0-5.el6_4
  • openchange-devel-docs-0:1.0-7.el6_5
  • openchange-devel-docs-0:1.0-7.el6_6
  • pyldb-0:1.1.25-2.el6_2
  • pyldb-0:1.1.25-2.el6_4
  • pyldb-0:1.1.25-2.el6_5
  • pyldb-0:1.1.25-2.el6_6
  • pyldb-devel-0:1.1.25-2.el6_2
  • pyldb-devel-0:1.1.25-2.el6_4
  • pyldb-devel-0:1.1.25-2.el6_5
  • pyldb-devel-0:1.1.25-2.el6_6
  • samba4-0:4.2.10-6.el6_2
  • samba4-0:4.2.10-6.el6_4
  • samba4-0:4.2.10-6.el6_5
  • samba4-0:4.2.10-6.el6_6
  • samba4-client-0:4.2.10-6.el6_4
  • samba4-client-0:4.2.10-6.el6_5
  • samba4-client-0:4.2.10-6.el6_6
  • samba4-common-0:4.2.10-6.el6_4
  • samba4-common-0:4.2.10-6.el6_5
  • samba4-common-0:4.2.10-6.el6_6
  • samba4-dc-0:4.2.10-6.el6_4
  • samba4-dc-0:4.2.10-6.el6_5
  • samba4-dc-0:4.2.10-6.el6_6
  • samba4-dc-libs-0:4.2.10-6.el6_4
  • samba4-dc-libs-0:4.2.10-6.el6_5
  • samba4-dc-libs-0:4.2.10-6.el6_6
  • samba4-debuginfo-0:4.2.10-6.el6_2
  • samba4-debuginfo-0:4.2.10-6.el6_4
  • samba4-debuginfo-0:4.2.10-6.el6_5
  • samba4-debuginfo-0:4.2.10-6.el6_6
  • samba4-devel-0:4.2.10-6.el6_2
  • samba4-devel-0:4.2.10-6.el6_4
  • samba4-devel-0:4.2.10-6.el6_5
  • samba4-devel-0:4.2.10-6.el6_6
  • samba4-libs-0:4.2.10-6.el6_2
  • samba4-libs-0:4.2.10-6.el6_4
  • samba4-libs-0:4.2.10-6.el6_5
  • samba4-libs-0:4.2.10-6.el6_6
  • samba4-pidl-0:4.2.10-6.el6_2
  • samba4-pidl-0:4.2.10-6.el6_4
  • samba4-pidl-0:4.2.10-6.el6_5
  • samba4-pidl-0:4.2.10-6.el6_6
  • samba4-python-0:4.2.10-6.el6_4
  • samba4-python-0:4.2.10-6.el6_5
  • samba4-python-0:4.2.10-6.el6_6
  • samba4-test-0:4.2.10-6.el6_4
  • samba4-test-0:4.2.10-6.el6_5
  • samba4-test-0:4.2.10-6.el6_6
  • samba4-winbind-0:4.2.10-6.el6_4
  • samba4-winbind-0:4.2.10-6.el6_5
  • samba4-winbind-0:4.2.10-6.el6_6
  • samba4-winbind-clients-0:4.2.10-6.el6_4
  • samba4-winbind-clients-0:4.2.10-6.el6_5
  • samba4-winbind-clients-0:4.2.10-6.el6_6
  • samba4-winbind-krb5-locator-0:4.2.10-6.el6_4
  • samba4-winbind-krb5-locator-0:4.2.10-6.el6_5
  • samba4-winbind-krb5-locator-0:4.2.10-6.el6_6
  • sssd-0:1.5.1-66.el6_2.5
  • sssd-0:1.9.2-129.el6_5.7
  • sssd-0:1.9.2-82.12.el6_4
  • sssd-client-0:1.5.1-66.el6_2.5
  • sssd-client-0:1.9.2-129.el6_5.7
  • sssd-client-0:1.9.2-82.12.el6_4
  • sssd-debuginfo-0:1.5.1-66.el6_2.5
  • sssd-debuginfo-0:1.9.2-129.el6_5.7
  • sssd-debuginfo-0:1.9.2-82.12.el6_4
  • sssd-tools-0:1.5.1-66.el6_2.5
  • sssd-tools-0:1.9.2-129.el6_5.7
  • sssd-tools-0:1.9.2-82.12.el6_4
  • libsmbclient-0:3.0.33-3.41.el5_11
  • libsmbclient-devel-0:3.0.33-3.41.el5_11
  • samba-0:3.0.33-3.41.el5_11
  • samba-client-0:3.0.33-3.41.el5_11
  • samba-common-0:3.0.33-3.41.el5_11
  • samba-debuginfo-0:3.0.33-3.41.el5_11
  • samba-swat-0:3.0.33-3.41.el5_11
  • libsmbclient-0:3.0.33-3.30.el5_6
  • libsmbclient-0:3.0.33-3.40.el5_9
  • libsmbclient-devel-0:3.0.33-3.30.el5_6
  • libsmbclient-devel-0:3.0.33-3.40.el5_9
  • samba-0:3.0.33-3.30.el5_6
  • samba-0:3.0.33-3.40.el5_9
  • samba-client-0:3.0.33-3.30.el5_6
  • samba-client-0:3.0.33-3.40.el5_9
  • samba-common-0:3.0.33-3.30.el5_6
  • samba-common-0:3.0.33-3.40.el5_9
  • samba-debuginfo-0:3.0.33-3.30.el5_6
  • samba-debuginfo-0:3.0.33-3.40.el5_9
  • samba-swat-0:3.0.33-3.30.el5_6
  • samba-swat-0:3.0.33-3.40.el5_9
  • samba3x-0:3.6.23-12.el5_6
  • samba3x-0:3.6.23-12.el5_9
  • samba3x-client-0:3.6.23-12.el5_6
  • samba3x-client-0:3.6.23-12.el5_9
  • samba3x-common-0:3.6.23-12.el5_6
  • samba3x-common-0:3.6.23-12.el5_9
  • samba3x-debuginfo-0:3.6.23-12.el5_6
  • samba3x-debuginfo-0:3.6.23-12.el5_9
  • samba3x-doc-0:3.6.23-12.el5_6
  • samba3x-doc-0:3.6.23-12.el5_9
  • samba3x-domainjoin-gui-0:3.6.23-12.el5_6
  • samba3x-domainjoin-gui-0:3.6.23-12.el5_9
  • samba3x-swat-0:3.6.23-12.el5_6
  • samba3x-swat-0:3.6.23-12.el5_9
  • samba3x-winbind-0:3.6.23-12.el5_6
  • samba3x-winbind-0:3.6.23-12.el5_9
  • samba3x-winbind-devel-0:3.6.23-12.el5_6
  • samba3x-winbind-devel-0:3.6.23-12.el5_9
  • samba-0:3.0.33-3.37.el4
  • samba-client-0:3.0.33-3.37.el4
  • samba-common-0:3.0.33-3.37.el4
  • samba-debuginfo-0:3.0.33-3.37.el4
  • samba-swat-0:3.0.33-3.37.el4

References