Vulnerabilities > CVE-2016-2114 - 7PK - Security Features vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

samba

canonical

CWE-254

nessus

NVD

Published: 2016-04-25

Updated: 2016-12-31

Summary

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 4.0.0 Samba Samba 4.0.1 Samba Samba 4.0.2 Samba Samba 4.0.3 Samba Samba 4.0.4 Samba Samba 4.0.5 Samba Samba 4.0.6 Samba Samba 4.0.7 Samba Samba 4.0.8 Samba Samba 4.0.9 Samba Samba 4.0.10 Samba Samba 4.0.11 Samba Samba 4.0.12 Samba Samba 4.0.13 Samba Samba 4.0.14 Samba Samba 4.0.15 Samba Samba 4.0.16 Samba Samba 4.0.17 Samba Samba 4.0.18 Samba Samba 4.0.19 Samba Samba 4.0.20 Samba Samba 4.0.21 Samba Samba 4.0.22 Samba Samba 4.0.23 Samba Samba 4.0.24 Samba Samba 4.0.25 Samba Samba 4.0.26 Samba Samba 4.1.0 Samba Samba 4.1.1 Samba Samba 4.1.2 Samba Samba 4.1.3 Samba Samba 4.1.4 Samba Samba 4.1.5 Samba Samba 4.1.6 Samba Samba 4.1.7 Samba Samba 4.1.8 Samba Samba 4.1.9 Samba Samba 4.1.10 Samba Samba 4.1.11 Samba Samba 4.1.12 Samba Samba 4.1.13 Samba Samba 4.1.14 Samba Samba 4.1.15 Samba Samba 4.1.16 Samba Samba 4.1.17 Samba Samba 4.1.18 Samba Samba 4.1.19 Samba Samba 4.1.20 Samba Samba 4.1.21 Samba Samba 4.1.22 Samba Samba 4.1.23 Samba Samba 4.2.0 Samba Samba 4.2.1 Samba Samba 4.2.2 Samba Samba 4.2.3 Samba Samba 4.2.4 Samba Samba 4.2.5 Samba Samba 4.2.6 Samba Samba 4.2.7 Samba Samba 4.2.8 Samba Samba 4.2.9 Samba Samba 4.3.0 Samba Samba 4.3.1 Samba Samba 4.3.2 Samba Samba 4.3.3 Samba Samba 4.3.4 Samba Samba 4.3.5 Samba Samba 4.3.6 Samba Samba 4.4.0	72
OS	Canonical Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 15.10 Canonical Ubuntu Linux 16.04	3

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Nessus

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2016-1014.NASL
description	According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in Samba
last seen	2020-05-06
modified	2017-05-01
plugin id	99777
published	2017-05-01
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99777
title	EulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1014)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99777); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118" ); script_name(english:"EulerOS 2.0 SP1 : samba (EulerOS-SA-2016-1014)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).(CVE-2015-5370) - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. - As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) - Several flaws were found in Samba's implementation of NTLMSSP authentication. An nauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.(CVE-2016-2110) - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.(CVE-2016-2112) - It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate.(CVE-2016-2113) - It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.(CVE-2016-2115) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1014 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1103f47"); script_set_attribute(attribute:"solution", value: "Update the affected samba packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pytalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tdb-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libldb-1.1.25-1", "libsmbclient-4.2.10-6", "libtalloc-2.1.5-1", "libtdb-1.3.8-1", "libtevent-0.9.26-1", "libwbclient-4.2.10-6", "pytalloc-2.1.5-1", "python-tdb-1.3.8-1", "python-tevent-0.9.26-1", "samba-4.2.10-6", "samba-client-4.2.10-6", "samba-client-libs-4.2.10-6", "samba-common-4.2.10-6", "samba-common-libs-4.2.10-6", "samba-common-tools-4.2.10-6", "samba-libs-4.2.10-6", "samba-python-4.2.10-6", "samba-winbind-4.2.10-6", "samba-winbind-clients-4.2.10-6", "samba-winbind-modules-4.2.10-6", "tdb-tools-1.3.8-1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0620.NASL
description	An update for samba4 is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90497
published	2016-04-13
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90497
title	RHEL 6 : samba4 (RHSA-2016:0620) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0620. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(90497); script_version("2.19"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"RHSA", value:"2016:0620"); script_name(english:"RHEL 6 : samba4 (RHSA-2016:0620) (Badlock)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for samba4 is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) * Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) * It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) * It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) * It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115." ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.2.10.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/vulnerabilities/badlock" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/articles/2253041" ); # http://badlock.org/ script_set_attribute( attribute:"see_also", value:"https://samba.plus" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/articles/2243351" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:0620" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5370" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2115" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2112" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2118" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2111" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2114" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2113" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evolution-mapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-admintools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-selinux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ldb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libipa_hbac-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_autofs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_idmap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_sudo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsss_sudo-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sssd-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\.2\|6\.4\|6\.5\|6\.6)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2 / 6.4 / 6.5 / 6.6", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:0620"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { sp = get_kb_item("Host/RedHat/minor_release"); if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); flag = 0; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-debuginfo-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-debuginfo-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"evolution-mapi-devel-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"evolution-mapi-devel-0.28.3-8.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-admintools-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-admintools-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-admintools-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-client-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-client-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-client-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-debuginfo-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-python-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-python-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-python-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-selinux-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-selinux-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ipa-server-trust-ad-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-42.el6_6.1")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-26.el6_4.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ipa-server-trust-ad-3.0.0-37.el6_5.1")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"ldb-tools-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"ldb-tools-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"ldb-tools-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libipa_hbac-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libipa_hbac-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libipa_hbac-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libipa_hbac-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libipa_hbac-devel-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libipa_hbac-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-devel-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libipa_hbac-python-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libipa_hbac-python-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libipa_hbac-python-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-debuginfo-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-debuginfo-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", reference:"libldb-devel-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libldb-devel-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libldb-devel-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_autofs-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_autofs-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_idmap-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_idmap-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_idmap-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_idmap-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_idmap-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_idmap-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_idmap-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_idmap-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_sudo-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_sudo-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"libsss_sudo-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"libsss_sudo-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"libsss_sudo-devel-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"libsss_sudo-devel-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-1.0-5.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-1.0-7.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-client-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-client-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-client-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-client-1.0-5.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-client-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-client-1.0-7.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-debuginfo-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-debuginfo-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-debuginfo-1.0-5.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-debuginfo-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-debuginfo-1.0-7.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-devel-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"openchange-devel-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-devel-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-devel-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-devel-1.0-5.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-devel-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-devel-1.0-7.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"openchange-devel-docs-1.0-7.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"openchange-devel-docs-1.0-5.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"openchange-devel-docs-1.0-1.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"openchange-devel-docs-1.0-7.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"pyldb-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"pyldb-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"pyldb-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"pyldb-devel-1.1.25-2.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-client-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-client-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-client-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-common-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-common-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-common-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-dc-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-dc-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-dc-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-dc-libs-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-debuginfo-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-debuginfo-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-devel-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-devel-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-devel-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-devel-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"samba4-libs-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-libs-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_2")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-pidl-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-python-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-python-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-python-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-test-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-test-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-test-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-clients-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"i686", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"s390x", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"6", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_5")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"sssd-client-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"sssd-client-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"sssd-client-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-client-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-client-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-client-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"sssd-debuginfo-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"sssd-debuginfo-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"sssd-debuginfo-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-debuginfo-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-debuginfo-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-debuginfo-1.9.2-129.el6_5.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"sssd-tools-1.9.2-82.12.el6_4")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"sssd-tools-1.5.1-66.el6_2.5")) flag++; if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"sssd-tools-1.9.2-129.el6_5.7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evolution-mapi / evolution-mapi-debuginfo / evolution-mapi-devel / etc"); } }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3548.NASL
description	Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks. - CVE-2016-2110 Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks. - CVE-2016-2111 When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel
last seen	2020-06-01
modified	2020-06-02
plugin id	90515
published	2016-04-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90515
title	Debian DSA-3548-1 : samba - security update (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3548. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(90515); script_version("2.16"); script_cvs_date("Date: 2019/07/15 14:20:30"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"DSA", value:"3548"); script_name(english:"Debian DSA-3548-1 : samba - security update (Badlock)"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks. - CVE-2016-2110 Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks. - CVE-2016-2111 When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information. This flaw corresponds to the same vulnerability as CVE-2015-0005 for Windows, discovered by Alberto Solino from Core Security. - CVE-2016-2112 Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can downgrade LDAP connections to avoid integrity protection. - CVE-2016-2113 Stefan Metzmacher of SerNet and the Samba Team discovered that man-in-the-middle attacks are possible for client triggered LDAP connections and ncacn_http connections. - CVE-2016-2114 Stefan Metzmacher of SerNet and the Samba Team discovered that Samba does not enforce required smb signing even if explicitly configured. - CVE-2016-2115 Stefan Metzmacher of SerNet and the Samba Team discovered that SMB connections for IPC traffic are not integrity-protected. - CVE-2016-2118 Stefan Metzmacher of SerNet and the Samba Team discovered that a man-in-the-middle attacker can intercept any DCERPC traffic between a client and a server in order to impersonate the client and obtain the same privileges as the authenticated user account." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-5370" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2110" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2111" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-0005" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2112" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2113" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2114" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2115" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2118" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2113" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2114" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/latest_news.html#4.4.2" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.2.0.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.2.10.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/samba" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/samba" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3548" ); script_set_attribute( attribute:"solution", value: "Upgrade the samba packages. For the oldstable distribution (wheezy), these problems have been fixed in version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected by CVE-2016-2113 and CVE-2016-2114. For the stable distribution (jessie), these problems have been fixed in version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading to the new upstream version 4.2.10, which includes additional changes and bugfixes. The depending libraries ldb, talloc, tdb and tevent required as well an update to new upstream versions for this update. Please refer to - https://www.samba.org/samba/latest_news.html#4.4.2 - https://www.samba.org/samba/history/samba-4.2.0.html - https://www.samba.org/samba/history/samba-4.2.10.html for further details (in particular for new options and defaults). We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat), Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE) for the massive backporting work required to support Samba 3.6 and Samba 4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent for their help in preparing updates of Samba and the underlying infrastructure libraries." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/14"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libnss-winbind", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libpam-smbpass", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libpam-winbind", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libsmbclient", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libsmbclient-dev", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libwbclient-dev", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"libwbclient0", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-common", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-common-bin", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-dbg", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-doc", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-doc-pdf", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"samba-tools", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"smbclient", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"swat", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"7.0", prefix:"winbind", reference:"2:3.6.6-6+deb7u9")) flag++; if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-BE53260726.NASL
description	Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-04-14
plugin id	90519
published	2016-04-14
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90519
title	Fedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2016-be53260726. # include("compat.inc"); if (description) { script_id(90519); script_version("2.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"FEDORA", value:"2016-be53260726"); script_name(english:"Fedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1309987" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311893" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311903" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311910" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1312082" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1312084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317990" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?947f4e2e" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/14"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^23([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"samba-4.3.8-0.fc23")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20160412_SAMBA_AND_SAMBA4_ON_SL6_X.NASL
description	Security Fix(es) : - Multiple flaws were found in Samba
last seen	2020-03-18
modified	2016-04-13
plugin id	90502
published	2016-04-13
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90502
title	Scientific Linux Security Update : samba and samba4 on SL6.x, SL7.x i386/x86_64 (20160412) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(90502); script_version("2.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_name(english:"Scientific Linux Security Update : samba and samba4 on SL6.x, SL7.x i386/x86_64 (20160412) (Badlock)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Scientific Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) - Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) - It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) - It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=8117 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2747865e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-admintools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server-dns"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server-selinux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ipa-server-trust-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ldb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libldb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtevent-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openchange"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openchange-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openchange-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openchange-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:openchange-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pyldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pyldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pytalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:pytalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-tdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-tevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba4-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tdb-tools"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"ipa-admintools-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-client-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-debuginfo-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-python-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-server-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-server-selinux-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ipa-server-trust-ad-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"SL6", reference:"ldb-tools-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libldb-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libldb-debuginfo-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libldb-devel-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtalloc-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtalloc-debuginfo-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtalloc-devel-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtdb-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtdb-debuginfo-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtdb-devel-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtevent-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtevent-debuginfo-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"libtevent-devel-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openchange-1.0-7.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openchange-client-1.0-7.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openchange-debuginfo-1.0-7.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openchange-devel-1.0-7.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"openchange-devel-docs-1.0-7.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"pyldb-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"pyldb-devel-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"pytalloc-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"pytalloc-devel-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"python-tdb-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"python-tevent-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-client-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-common-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-dc-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-dc-libs-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-debuginfo-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-devel-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-libs-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-pidl-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-python-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-test-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-winbind-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-winbind-clients-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"SL6", reference:"tdb-tools-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-admintools-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-client-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-debuginfo-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-python-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-server-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-server-dns-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ipa-server-trust-ad-4.2.0-15.el7_2.6.1")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ldb-tools-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libldb-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libldb-debuginfo-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libldb-devel-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtalloc-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtalloc-debuginfo-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtalloc-devel-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtdb-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtdb-debuginfo-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtdb-devel-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtevent-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtevent-debuginfo-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libtevent-devel-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openchange-2.0-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openchange-client-2.0-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openchange-debuginfo-2.0-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"openchange-devel-2.0-10.el7_2")) flag++; if (rpm_check(release:"SL7", reference:"openchange-devel-docs-2.0-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pyldb-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pyldb-devel-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pytalloc-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"pytalloc-devel-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-tdb-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-tevent-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", reference:"samba-common-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-tools-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-debuginfo-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", reference:"samba-pidl-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-clients-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-modules-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tdb-tools-1.3.8-1.el7_2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-debuginfo / ipa-python / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-0612.NASL
description	From Red Hat Security Advisory 2016:0612 : An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90487
published	2016-04-13
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90487
title	Oracle Linux 6 / 7 : samba / samba4 (ELSA-2016-0612) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0612 and # Oracle Linux Security Advisory ELSA-2016-0612 respectively. # include("compat.inc"); if (description) { script_id(90487); script_version("2.17"); script_cvs_date("Date: 2019/09/27 13:00:37"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"RHSA", value:"2016:0612"); script_name(english:"Oracle Linux 6 / 7 : samba / samba4 (ELSA-2016-0612) (Badlock)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:0612 : An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) * Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) * It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) * It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) * It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005946.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005947.html" ); script_set_attribute( attribute:"solution", value:"Update the affected samba and / or samba4 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-admintools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-dns"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-selinux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-trust-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ldb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openchange"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openchange-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openchange-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openchange-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pyldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pyldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pytalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pytalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba4-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tdb-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"ipa-admintools-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ipa-client-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ipa-python-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ipa-server-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ipa-server-selinux-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ipa-server-trust-ad-3.0.0-47.el6_7.2")) flag++; if (rpm_check(release:"EL6", reference:"ldb-tools-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libldb-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libldb-devel-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtalloc-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtalloc-devel-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtdb-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtdb-devel-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtevent-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"libtevent-devel-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"openchange-1.0-7.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"openchange-client-1.0-7.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"openchange-devel-1.0-7.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"openchange-devel-docs-1.0-7.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"pyldb-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"pyldb-devel-1.1.25-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"pytalloc-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"pytalloc-devel-2.1.5-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"python-tdb-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"python-tevent-0.9.26-2.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-client-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-common-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-dc-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-dc-libs-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-devel-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-libs-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-pidl-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-python-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-test-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-winbind-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-winbind-clients-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"samba4-winbind-krb5-locator-4.2.10-6.el6_7")) flag++; if (rpm_check(release:"EL6", reference:"tdb-tools-1.3.8-1.el6_7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-admintools-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-client-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-python-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-server-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-server-dns-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ipa-server-trust-ad-4.2.0-15.0.1.el7_2.6.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ldb-tools-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libldb-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libldb-devel-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsmbclient-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libsmbclient-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtalloc-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtalloc-devel-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtdb-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtdb-devel-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtevent-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libtevent-devel-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwbclient-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"libwbclient-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openchange-2.0-10.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openchange-client-2.0-10.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openchange-devel-2.0-10.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openchange-devel-docs-2.0-10.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"pyldb-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"pyldb-devel-1.1.25-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"pytalloc-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"pytalloc-devel-2.1.5-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-tdb-1.3.8-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-tevent-0.9.26-1.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-client-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-client-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-common-tools-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-dc-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-dc-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-pidl-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-python-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-test-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-test-devel-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-test-libs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-clients-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"samba-winbind-modules-4.2.10-6.el7_2")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"tdb-tools-1.3.8-1.el7_2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-python / ipa-server / etc"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2016-106-02.NASL
description	New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90548
published	2016-04-18
reporter	This script is Copyright (C) 2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90548
title	Slackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2016-106-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(90548); script_version("$Revision: 2.8 $"); script_cvs_date("$Date: 2016/10/19 14:37:26 $"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"SSA", value:"2016-106-02"); script_name(english:"Slackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0837cf4e" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/15"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"samba", pkgver:"4.2.11", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"samba", pkgver:"4.2.11", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"samba", pkgver:"4.2.11", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"samba", pkgver:"4.2.11", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"samba", pkgver:"4.4.2", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"samba", pkgver:"4.4.2", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2016-490.NASL
description	This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114:
last seen	2020-06-05
modified	2016-04-21
plugin id	90609
published	2016-04-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90609
title	openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-490. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(90609); script_version("2.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6150", "CVE-2013-4408", "CVE-2013-4496", "CVE-2015-0240", "CVE-2015-5252", "CVE-2015-5296", "CVE-2015-5299", "CVE-2015-5330", "CVE-2015-5370", "CVE-2015-7560", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_name(english:"openSUSE Security Update : samba (openSUSE-2016-490) (Badlock)"); script_summary(english:"Check for the openSUSE-2016-490 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes these security vulnerabilities : - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862). - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031). - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032). - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM attack (bsc#973033). - CVE-2016-2113: TLS certificate validation were missing (bsc#973034). - CVE-2016-2114: 'server signing = mandatory' not enforced (bsc#973035). - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036). - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965). The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions are no longer supported by upstream. As a side effect, libpdb0 package was replaced by libsamba-passdb0." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=844720" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=849224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=853347" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=936862" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958582" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958584" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968222" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971965" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973031" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973032" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973033" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973034" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973035" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=973036" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11077" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11344" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11529" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11536" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11644" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11688" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11749" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11752" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11756" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.samba.org/show_bug.cgi?id=11804" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/20"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-pcp-pmda-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-pcp-pmda-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-tests-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ctdb-tests-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-atsvc0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-binding0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-binding0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc-samr0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libdcerpc0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libgensec0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-krb5pac0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-nbt0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr-standard0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libndr0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libnetapi0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libregistry0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-credentials0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-hostconfig0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-passdb0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-policy0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamba-util0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsamdb0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient-raw0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbclient0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbconf0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libsmbldap0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libtevent-util0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient0-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libwbclient0-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-client-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-client-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-core-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-debugsource-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-libs-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-libs-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-pidl-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-python-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-python-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-test-devel-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-winbind-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"samba-winbind-debuginfo-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-atsvc0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-atsvc0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc-samr0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgensec0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libgensec0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-standard0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libnetapi0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libregistry0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libregistry0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-policy0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-policy0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-util0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamdb0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient-raw0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient-raw0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbconf0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbldap0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libtevent-util0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libwbclient0-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-client-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-libs-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-winbind-32bit-4.2.4-3.54.2") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.2.4-3.54.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-debuginfo / ctdb-devel / ctdb-pcp-pmda / etc"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-686.NASL
description	Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90514
published	2016-04-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90514
title	Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2016-686. # include("compat.inc"); if (description) { script_id(90514); script_version("2.11"); script_cvs_date("Date: 2019/07/10 16:04:12"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"ALAS", value:"2016-686"); script_name(english:"Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2016-686.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update samba' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ctdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/14"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"ctdb-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ctdb-devel-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"ctdb-tests-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsmbclient-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libsmbclient-devel-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libwbclient-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libwbclient-devel-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-client-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-client-libs-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-common-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-common-libs-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-common-tools-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-debuginfo-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-devel-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-libs-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-pidl-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-python-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-test-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-test-devel-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-test-libs-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-winbind-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-winbind-clients-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-winbind-krb5-locator-4.2.10-6.33.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"samba-winbind-modules-4.2.10-6.33.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-devel / ctdb-tests / libsmbclient / libsmbclient-devel / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-48B3761BAA.NASL
description	Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-04-14
plugin id	90516
published	2016-04-14
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90516
title	Fedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2016-48b3761baa. # include("compat.inc"); if (description) { script_id(90516); script_version("2.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"FEDORA", value:"2016-48b3761baa"); script_name(english:"Fedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1309987" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311893" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311903" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1311910" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1312082" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1312084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317990" ); # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f6218c3b" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/14"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"samba-4.2.11-0.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0618.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90495
published	2016-04-13
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90495
title	RHEL 7 : samba (RHSA-2016:0618) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0618. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(90495); script_version("2.18"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"RHSA", value:"2016:0618"); script_name(english:"RHEL 7 : samba (RHSA-2016:0618) (Badlock)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370) Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements. * A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118) * Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110) * It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111) * It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112) * It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113) * It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114) * It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115) Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:0618" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-5370" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2111" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2112" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2113" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2114" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2115" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2118" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-admintools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ldb-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyldb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pytalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pytalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tdb-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7\.1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:0618"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ctdb-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"i686", reference:"ctdb-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ctdb-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ctdb-tests-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"ipa-admintools-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-admintools-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"ipa-client-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-client-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"ipa-debuginfo-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-debuginfo-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"ipa-python-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-python-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-server-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ipa-server-trust-ad-4.1.0-18.el7_1.6")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"ldb-tools-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"ldb-tools-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libldb-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libldb-debuginfo-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libldb-devel-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libsmbclient-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libsmbclient-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtalloc-2.1.5-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtalloc-debuginfo-2.1.5-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtalloc-devel-2.1.5-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtdb-1.3.8-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtdb-debuginfo-1.3.8-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtdb-devel-1.3.8-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtevent-0.9.26-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtevent-debuginfo-0.9.26-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libtevent-devel-0.9.26-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libwbclient-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"libwbclient-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"i686", reference:"openchange-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"openchange-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"openchange-client-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"i686", reference:"openchange-debuginfo-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"openchange-debuginfo-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"i686", reference:"openchange-devel-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"openchange-devel-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"openchange-devel-docs-2.0-4.el7_1.1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"pyldb-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"pyldb-devel-1.1.25-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"pytalloc-2.1.5-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"pytalloc-devel-2.1.5-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"python-tdb-1.3.8-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"python-tevent-0.9.26-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"python-tevent-0.9.26-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-client-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-client-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-client-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-common-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-common-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-common-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-common-tools-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-common-tools-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-dc-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-dc-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-dc-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-dc-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-debuginfo-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-pidl-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-python-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-python-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-test-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-test-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-test-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-test-devel-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-test-libs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-winbind-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-winbind-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-winbind-clients-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-winbind-clients-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"samba-winbind-krb5-locator-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", reference:"samba-winbind-modules-4.2.10-5.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"tdb-tools-1.3.8-1.el7_1")) flag++; if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"tdb-tools-1.3.8-1.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-devel / ctdb-tests / ipa-admintools / ipa-client / etc"); } }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2950-1.NASL
description	Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90588
published	2016-04-19
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90588
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2950-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(90588); script_version("2.15"); script_cvs_date("Date: 2019/09/18 12:31:45"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"USN", value:"2950-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2950-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/19"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"samba", pkgver:"2:3.6.25-0ubuntu0.12.04.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"samba", pkgver:"2:4.3.8+dfsg-0ubuntu0.14.04.2")) flag++; if (ubuntu_check(osver:"15.10", pkgname:"samba", pkgver:"2:4.3.8+dfsg-0ubuntu0.15.10.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201612-47.NASL
description	The remote host is affected by the vulnerability described in GLSA-201612-47 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, conduct a man-in-the-middle attack, obtain sensitive information, or bypass file permissions. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	96127
published	2016-12-27
reporter	This script is Copyright (C) 2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/96127
title	GLSA-201612-47 : Samba: Multiple vulnerabilities (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201612-47. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(96127); script_version("$Revision: 3.1 $"); script_cvs_date("$Date: 2016/12/27 14:30:01 $"); script_cve_id("CVE-2015-3223", "CVE-2015-5252", "CVE-2015-5296", "CVE-2015-5299", "CVE-2015-5330", "CVE-2015-7540", "CVE-2015-8467", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_xref(name:"GLSA", value:"201612-47"); script_name(english:"GLSA-201612-47 : Samba: Multiple vulnerabilities (Badlock)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201612-47 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service condition, conduct a man-in-the-middle attack, obtain sensitive information, or bypass file permissions. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201612-47" ); script_set_attribute( attribute:"solution", value: "All Samba users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-4.2.11'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/24"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 4.2.11"), vulnerable:make_list("lt 4.2.11"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba"); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_A636FC2600D911E6B704000C292E4FD8.NASL
description	Samba team reports : [CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. [CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. [CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel
last seen	2020-06-01
modified	2020-06-02
plugin id	90474
published	2016-04-13
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90474
title	FreeBSD : samba -- multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(90474); script_version("2.11"); script_cvs_date("Date: 2018/11/10 11:49:45"); script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"); script_name(english:"FreeBSD : samba -- multiple vulnerabilities (a636fc26-00d9-11e6-b704-000c292e4fd8) (Badlock)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Samba team reports : [CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks. [CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL. [CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic. [CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection. [CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://). [CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured. [CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection. [CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers." ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2015-5370.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2110.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2111.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2112.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2113.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2114.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2115.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2016-2118.html" ); # https://vuxml.freebsd.org/freebsd/a636fc26-00d9-11e6-b704-000c292e4fd8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c5a3a7ed" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba36"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba41"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba42"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba43"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba44"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba36>=3.6.0<=3.6.25_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba4>=4.0.0<=4.0.26")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba41>=4.1.0<=4.1.23")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba42>=4.2.0<4.2.11")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba43>=4.3.0<4.3.8")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba44>=4.4.0<4.4.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Misc.
NASL id	SAMBA_4_3_7.NASL
description	The version of Samba running on the remote host is 3.x or 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370) - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110) - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel
last seen	2020-06-01
modified	2020-06-02
plugin id	90508
published	2016-04-13
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90508
title	Samba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-0612.NASL
description	An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90450
published	2016-04-13
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90450
title	CentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612) (Badlock)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0614.NASL
description	An update for samba is now available for Red Hat Gluster Storage 3.1 for RHEL 6 and Red Hat Gluster Storage 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90530
published	2016-04-15
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90530
title	RHEL 6 / 7 : Storage Server (RHSA-2016:0614) (Badlock)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2950-4.NASL
description	USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the
last seen	2020-06-01
modified	2020-06-02
plugin id	91256
published	2016-05-19
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91256
title	Ubuntu 12.04 LTS : samba regressions (USN-2950-4) (Badlock)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2950-5.NASL
description	USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	91333
published	2016-05-26
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/91333
title	Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : samba regression (USN-2950-5) (Badlock)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2950-3.NASL
description	USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90915
published	2016-05-05
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90915
title	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : samba regressions (USN-2950-3) (Badlock)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-0612.NASL
description	An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes. Security Fix(es) : * Multiple flaws were found in Samba
last seen	2020-06-01
modified	2020-06-02
plugin id	90492
published	2016-04-13
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90492
title	RHEL 6 / 7 : samba and samba4 (RHSA-2016:0612) (Badlock)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2950-2.NASL
description	USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup. This update fixes the problem. We apologize for the inconvenience. Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370) Stefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110) Alberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111) Stefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112) Stefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113) Stefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114) Stefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115) Stefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118) Samba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	90824
published	2016-05-02
reporter	Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90824
title	Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libsoup2.4 update (USN-2950-2) (Badlock)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2016-383FCE04E2.NASL
description	Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2016-04-22
plugin id	90646
published	2016-04-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90646
title	Fedora 24 : samba-4.4.2-1.fc24 (2016-383fce04e2) (Badlock)

Redhat

advisories

rhsa
id RHSA-2016:0612
rhsa
id RHSA-2016:0614
rhsa
id RHSA-2016:0618
rhsa
id RHSA-2016:0620

rpms

ctdb-0:4.2.10-6.el7_2
ctdb-devel-0:4.2.10-6.el7_2
ctdb-tests-0:4.2.10-6.el7_2
ipa-admintools-0:3.0.0-47.el6_7.2
ipa-admintools-0:4.2.0-15.el7_2.6.1
ipa-client-0:3.0.0-47.el6_7.2
ipa-client-0:4.2.0-15.el7_2.6.1
ipa-debuginfo-0:3.0.0-47.el6_7.2
ipa-debuginfo-0:4.2.0-15.el7_2.6.1
ipa-python-0:3.0.0-47.el6_7.2
ipa-python-0:4.2.0-15.el7_2.6.1
ipa-server-0:3.0.0-47.el6_7.2
ipa-server-0:4.2.0-15.el7_2.6.1
ipa-server-dns-0:4.2.0-15.el7_2.6.1
ipa-server-selinux-0:3.0.0-47.el6_7.2
ipa-server-trust-ad-0:3.0.0-47.el6_7.2
ipa-server-trust-ad-0:4.2.0-15.el7_2.6.1
ldb-tools-0:1.1.25-1.el7_2
ldb-tools-0:1.1.25-2.el6_7
libldb-0:1.1.25-1.el7_2
libldb-0:1.1.25-2.el6_7
libldb-debuginfo-0:1.1.25-1.el7_2
libldb-debuginfo-0:1.1.25-2.el6_7
libldb-devel-0:1.1.25-1.el7_2
libldb-devel-0:1.1.25-2.el6_7
libsmbclient-0:4.2.10-6.el7_2
libsmbclient-devel-0:4.2.10-6.el7_2
libtalloc-0:2.1.5-1.el6_7
libtalloc-0:2.1.5-1.el7_2
libtalloc-debuginfo-0:2.1.5-1.el6_7
libtalloc-debuginfo-0:2.1.5-1.el7_2
libtalloc-devel-0:2.1.5-1.el6_7
libtalloc-devel-0:2.1.5-1.el7_2
libtdb-0:1.3.8-1.el6_7
libtdb-0:1.3.8-1.el7_2
libtdb-debuginfo-0:1.3.8-1.el6_7
libtdb-debuginfo-0:1.3.8-1.el7_2
libtdb-devel-0:1.3.8-1.el6_7
libtdb-devel-0:1.3.8-1.el7_2
libtevent-0:0.9.26-1.el7_2
libtevent-0:0.9.26-2.el6_7
libtevent-debuginfo-0:0.9.26-1.el7_2
libtevent-debuginfo-0:0.9.26-2.el6_7
libtevent-devel-0:0.9.26-1.el7_2
libtevent-devel-0:0.9.26-2.el6_7
libwbclient-0:4.2.10-6.el7_2
libwbclient-devel-0:4.2.10-6.el7_2
openchange-0:1.0-7.el6_7
openchange-0:2.0-10.el7_2
openchange-client-0:1.0-7.el6_7
openchange-client-0:2.0-10.el7_2
openchange-debuginfo-0:1.0-7.el6_7
openchange-debuginfo-0:2.0-10.el7_2
openchange-devel-0:1.0-7.el6_7
openchange-devel-0:2.0-10.el7_2
openchange-devel-docs-0:1.0-7.el6_7
openchange-devel-docs-0:2.0-10.el7_2
pyldb-0:1.1.25-1.el7_2
pyldb-0:1.1.25-2.el6_7
pyldb-devel-0:1.1.25-1.el7_2
pyldb-devel-0:1.1.25-2.el6_7
pytalloc-0:2.1.5-1.el6_7
pytalloc-0:2.1.5-1.el7_2
pytalloc-devel-0:2.1.5-1.el6_7
pytalloc-devel-0:2.1.5-1.el7_2
python-tdb-0:1.3.8-1.el6_7
python-tdb-0:1.3.8-1.el7_2
python-tevent-0:0.9.26-1.el7_2
python-tevent-0:0.9.26-2.el6_7
samba-0:4.2.10-6.el7_2
samba-client-0:4.2.10-6.el7_2
samba-client-libs-0:4.2.10-6.el7_2
samba-common-0:4.2.10-6.el7_2
samba-common-libs-0:4.2.10-6.el7_2
samba-common-tools-0:4.2.10-6.el7_2
samba-dc-0:4.2.10-6.el7_2
samba-dc-libs-0:4.2.10-6.el7_2
samba-debuginfo-0:4.2.10-6.el7_2
samba-devel-0:4.2.10-6.el7_2
samba-libs-0:4.2.10-6.el7_2
samba-pidl-0:4.2.10-6.el7_2
samba-python-0:4.2.10-6.el7_2
samba-test-0:4.2.10-6.el7_2
samba-test-devel-0:4.2.10-6.el7_2
samba-test-libs-0:4.2.10-6.el7_2
samba-vfs-glusterfs-0:4.2.10-6.el7_2
samba-winbind-0:4.2.10-6.el7_2
samba-winbind-clients-0:4.2.10-6.el7_2
samba-winbind-krb5-locator-0:4.2.10-6.el7_2
samba-winbind-modules-0:4.2.10-6.el7_2
samba4-0:4.2.10-6.el6_7
samba4-client-0:4.2.10-6.el6_7
samba4-common-0:4.2.10-6.el6_7
samba4-dc-0:4.2.10-6.el6_7
samba4-dc-libs-0:4.2.10-6.el6_7
samba4-debuginfo-0:4.2.10-6.el6_7
samba4-devel-0:4.2.10-6.el6_7
samba4-libs-0:4.2.10-6.el6_7
samba4-pidl-0:4.2.10-6.el6_7
samba4-python-0:4.2.10-6.el6_7
samba4-test-0:4.2.10-6.el6_7
samba4-winbind-0:4.2.10-6.el6_7
samba4-winbind-clients-0:4.2.10-6.el6_7
samba4-winbind-krb5-locator-0:4.2.10-6.el6_7
tdb-tools-0:1.3.8-1.el6_7
tdb-tools-0:1.3.8-1.el7_2
ctdb-0:4.2.11-2.el6rhs
ctdb-0:4.2.11-2.el7rhgs
ctdb-devel-0:4.2.11-2.el6rhs
ctdb-devel-0:4.2.11-2.el7rhgs
ctdb-tests-0:4.2.11-2.el6rhs
ctdb-tests-0:4.2.11-2.el7rhgs
ldb-tools-0:1.1.24-1.el6rhs
ldb-tools-0:1.1.24-1.el7rhgs
libldb-0:1.1.24-1.el6rhs
libldb-0:1.1.24-1.el7rhgs
libldb-debuginfo-0:1.1.24-1.el6rhs
libldb-debuginfo-0:1.1.24-1.el7rhgs
libldb-devel-0:1.1.24-1.el6rhs
libldb-devel-0:1.1.24-1.el7rhgs
libsmbclient-0:4.2.11-2.el6rhs
libsmbclient-0:4.2.11-2.el7rhgs
libsmbclient-devel-0:4.2.11-2.el6rhs
libsmbclient-devel-0:4.2.11-2.el7rhgs
libtalloc-0:2.1.5-1.el6rhs
libtalloc-0:2.1.5-1.el7rhgs
libtalloc-debuginfo-0:2.1.5-1.el6rhs
libtalloc-debuginfo-0:2.1.5-1.el7rhgs
libtalloc-devel-0:2.1.5-1.el6rhs
libtalloc-devel-0:2.1.5-1.el7rhgs
libtdb-0:1.3.8-1.el6rhs
libtdb-0:1.3.8-1.el7rhgs
libtdb-debuginfo-0:1.3.8-1.el6rhs
libtdb-debuginfo-0:1.3.8-1.el7rhgs
libtdb-devel-0:1.3.8-1.el6rhs
libtdb-devel-0:1.3.8-1.el7rhgs
libtevent-0:0.9.26-1.el6rhs
libtevent-0:0.9.26-1.el7rhgs
libtevent-debuginfo-0:0.9.26-1.el6rhs
libtevent-debuginfo-0:0.9.26-1.el7rhgs
libtevent-devel-0:0.9.26-1.el6rhs
libtevent-devel-0:0.9.26-1.el7rhgs
libwbclient-0:4.2.11-2.el6rhs
libwbclient-0:4.2.11-2.el7rhgs
libwbclient-devel-0:4.2.11-2.el6rhs
libwbclient-devel-0:4.2.11-2.el7rhgs
pyldb-0:1.1.24-1.el6rhs
pyldb-0:1.1.24-1.el7rhgs
pyldb-devel-0:1.1.24-1.el6rhs
pyldb-devel-0:1.1.24-1.el7rhgs
pytalloc-0:2.1.5-1.el6rhs
pytalloc-0:2.1.5-1.el7rhgs
pytalloc-devel-0:2.1.5-1.el6rhs
pytalloc-devel-0:2.1.5-1.el7rhgs
python-tdb-0:1.3.8-1.el6rhs
python-tdb-0:1.3.8-1.el7rhgs
python-tevent-0:0.9.26-1.el6rhs
python-tevent-0:0.9.26-1.el7rhgs
samba-0:4.2.11-2.el6rhs
samba-0:4.2.11-2.el7rhgs
samba-client-0:4.2.11-2.el6rhs
samba-client-0:4.2.11-2.el7rhgs
samba-client-libs-0:4.2.11-2.el6rhs
samba-client-libs-0:4.2.11-2.el7rhgs
samba-common-0:4.2.11-2.el6rhs
samba-common-0:4.2.11-2.el7rhgs
samba-common-libs-0:4.2.11-2.el6rhs
samba-common-libs-0:4.2.11-2.el7rhgs
samba-common-tools-0:4.2.11-2.el6rhs
samba-common-tools-0:4.2.11-2.el7rhgs
samba-dc-0:4.2.11-2.el6rhs
samba-dc-0:4.2.11-2.el7rhgs
samba-dc-libs-0:4.2.11-2.el6rhs
samba-dc-libs-0:4.2.11-2.el7rhgs
samba-debuginfo-0:4.2.11-2.el6rhs
samba-debuginfo-0:4.2.11-2.el7rhgs
samba-devel-0:4.2.11-2.el6rhs
samba-devel-0:4.2.11-2.el7rhgs
samba-libs-0:4.2.11-2.el6rhs
samba-libs-0:4.2.11-2.el7rhgs
samba-pidl-0:4.2.11-2.el6rhs
samba-pidl-0:4.2.11-2.el7rhgs
samba-python-0:4.2.11-2.el6rhs
samba-python-0:4.2.11-2.el7rhgs
samba-test-0:4.2.11-2.el6rhs
samba-test-0:4.2.11-2.el7rhgs
samba-test-devel-0:4.2.11-2.el6rhs
samba-test-devel-0:4.2.11-2.el7rhgs
samba-test-libs-0:4.2.11-2.el6rhs
samba-test-libs-0:4.2.11-2.el7rhgs
samba-vfs-glusterfs-0:4.2.11-2.el6rhs
samba-vfs-glusterfs-0:4.2.11-2.el7rhgs
samba-winbind-0:4.2.11-2.el6rhs
samba-winbind-0:4.2.11-2.el7rhgs
samba-winbind-clients-0:4.2.11-2.el6rhs
samba-winbind-clients-0:4.2.11-2.el7rhgs
samba-winbind-krb5-locator-0:4.2.11-2.el6rhs
samba-winbind-krb5-locator-0:4.2.11-2.el7rhgs
samba-winbind-modules-0:4.2.11-2.el6rhs
samba-winbind-modules-0:4.2.11-2.el7rhgs
tdb-tools-0:1.3.8-1.el6rhs
tdb-tools-0:1.3.8-1.el7rhgs
ctdb-0:4.2.10-5.ael7b_1
ctdb-0:4.2.10-5.el7_1
ctdb-devel-0:4.2.10-5.ael7b_1
ctdb-devel-0:4.2.10-5.el7_1
ctdb-tests-0:4.2.10-5.ael7b_1
ctdb-tests-0:4.2.10-5.el7_1
ipa-admintools-0:4.1.0-18.ael7b_1.6
ipa-admintools-0:4.1.0-18.el7_1.6
ipa-client-0:4.1.0-18.ael7b_1.6
ipa-client-0:4.1.0-18.el7_1.6
ipa-debuginfo-0:4.1.0-18.ael7b_1.6
ipa-debuginfo-0:4.1.0-18.el7_1.6
ipa-python-0:4.1.0-18.ael7b_1.6
ipa-python-0:4.1.0-18.el7_1.6
ipa-server-0:4.1.0-18.el7_1.6
ipa-server-trust-ad-0:4.1.0-18.el7_1.6
ldb-tools-0:1.1.25-1.ael7b_1
ldb-tools-0:1.1.25-1.el7_1
libldb-0:1.1.25-1.ael7b_1
libldb-0:1.1.25-1.el7_1
libldb-debuginfo-0:1.1.25-1.ael7b_1
libldb-debuginfo-0:1.1.25-1.el7_1
libldb-devel-0:1.1.25-1.ael7b_1
libldb-devel-0:1.1.25-1.el7_1
libsmbclient-0:4.2.10-5.ael7b_1
libsmbclient-0:4.2.10-5.el7_1
libsmbclient-devel-0:4.2.10-5.ael7b_1
libsmbclient-devel-0:4.2.10-5.el7_1
libtalloc-0:2.1.5-1.ael7b_1
libtalloc-0:2.1.5-1.el7_1
libtalloc-debuginfo-0:2.1.5-1.ael7b_1
libtalloc-debuginfo-0:2.1.5-1.el7_1
libtalloc-devel-0:2.1.5-1.ael7b_1
libtalloc-devel-0:2.1.5-1.el7_1
libtdb-0:1.3.8-1.ael7b_1
libtdb-0:1.3.8-1.el7_1
libtdb-debuginfo-0:1.3.8-1.ael7b_1
libtdb-debuginfo-0:1.3.8-1.el7_1
libtdb-devel-0:1.3.8-1.ael7b_1
libtdb-devel-0:1.3.8-1.el7_1
libtevent-0:0.9.26-1.ael7b_1
libtevent-0:0.9.26-1.el7_1
libtevent-debuginfo-0:0.9.26-1.ael7b_1
libtevent-debuginfo-0:0.9.26-1.el7_1
libtevent-devel-0:0.9.26-1.ael7b_1
libtevent-devel-0:0.9.26-1.el7_1
libwbclient-0:4.2.10-5.ael7b_1
libwbclient-0:4.2.10-5.el7_1
libwbclient-devel-0:4.2.10-5.ael7b_1
libwbclient-devel-0:4.2.10-5.el7_1
openchange-0:2.0-4.ael7b_1.1
openchange-0:2.0-4.el7_1.1
openchange-client-0:2.0-4.ael7b_1.1
openchange-client-0:2.0-4.el7_1.1
openchange-debuginfo-0:2.0-4.ael7b_1.1
openchange-debuginfo-0:2.0-4.el7_1.1
openchange-devel-0:2.0-4.ael7b_1.1
openchange-devel-0:2.0-4.el7_1.1
openchange-devel-docs-0:2.0-4.ael7b_1.1
openchange-devel-docs-0:2.0-4.el7_1.1
pyldb-0:1.1.25-1.ael7b_1
pyldb-0:1.1.25-1.el7_1
pyldb-devel-0:1.1.25-1.ael7b_1
pyldb-devel-0:1.1.25-1.el7_1
pytalloc-0:2.1.5-1.ael7b_1
pytalloc-0:2.1.5-1.el7_1
pytalloc-devel-0:2.1.5-1.ael7b_1
pytalloc-devel-0:2.1.5-1.el7_1
python-tdb-0:1.3.8-1.ael7b_1
python-tdb-0:1.3.8-1.el7_1
python-tevent-0:0.9.26-1.ael7b_1
python-tevent-0:0.9.26-1.el7_1
samba-0:4.2.10-5.ael7b_1
samba-0:4.2.10-5.el7_1
samba-client-0:4.2.10-5.ael7b_1
samba-client-0:4.2.10-5.el7_1
samba-client-libs-0:4.2.10-5.ael7b_1
samba-client-libs-0:4.2.10-5.el7_1
samba-common-0:4.2.10-5.ael7b_1
samba-common-0:4.2.10-5.el7_1
samba-common-libs-0:4.2.10-5.ael7b_1
samba-common-libs-0:4.2.10-5.el7_1
samba-common-tools-0:4.2.10-5.ael7b_1
samba-common-tools-0:4.2.10-5.el7_1
samba-dc-0:4.2.10-5.ael7b_1
samba-dc-0:4.2.10-5.el7_1
samba-dc-libs-0:4.2.10-5.ael7b_1
samba-dc-libs-0:4.2.10-5.el7_1
samba-debuginfo-0:4.2.10-5.ael7b_1
samba-debuginfo-0:4.2.10-5.el7_1
samba-devel-0:4.2.10-5.ael7b_1
samba-devel-0:4.2.10-5.el7_1
samba-libs-0:4.2.10-5.ael7b_1
samba-libs-0:4.2.10-5.el7_1
samba-pidl-0:4.2.10-5.ael7b_1
samba-pidl-0:4.2.10-5.el7_1
samba-python-0:4.2.10-5.ael7b_1
samba-python-0:4.2.10-5.el7_1
samba-test-0:4.2.10-5.ael7b_1
samba-test-0:4.2.10-5.el7_1
samba-test-devel-0:4.2.10-5.ael7b_1
samba-test-devel-0:4.2.10-5.el7_1
samba-test-libs-0:4.2.10-5.ael7b_1
samba-test-libs-0:4.2.10-5.el7_1
samba-vfs-glusterfs-0:4.2.10-5.el7_1
samba-winbind-0:4.2.10-5.ael7b_1
samba-winbind-0:4.2.10-5.el7_1
samba-winbind-clients-0:4.2.10-5.ael7b_1
samba-winbind-clients-0:4.2.10-5.el7_1
samba-winbind-krb5-locator-0:4.2.10-5.ael7b_1
samba-winbind-krb5-locator-0:4.2.10-5.el7_1
samba-winbind-modules-0:4.2.10-5.ael7b_1
samba-winbind-modules-0:4.2.10-5.el7_1
tdb-tools-0:1.3.8-1.ael7b_1
tdb-tools-0:1.3.8-1.el7_1
evolution-mapi-0:0.28.3-8.el6_2
evolution-mapi-debuginfo-0:0.28.3-8.el6_2
evolution-mapi-devel-0:0.28.3-8.el6_2
ipa-admintools-0:3.0.0-26.el6_4.5
ipa-admintools-0:3.0.0-37.el6_5.1
ipa-admintools-0:3.0.0-42.el6_6.1
ipa-client-0:3.0.0-26.el6_4.5
ipa-client-0:3.0.0-37.el6_5.1
ipa-client-0:3.0.0-42.el6_6.1
ipa-debuginfo-0:3.0.0-26.el6_4.5
ipa-debuginfo-0:3.0.0-37.el6_5.1
ipa-debuginfo-0:3.0.0-42.el6_6.1
ipa-python-0:3.0.0-26.el6_4.5
ipa-python-0:3.0.0-37.el6_5.1
ipa-python-0:3.0.0-42.el6_6.1
ipa-server-0:3.0.0-26.el6_4.5
ipa-server-0:3.0.0-37.el6_5.1
ipa-server-0:3.0.0-42.el6_6.1
ipa-server-selinux-0:3.0.0-26.el6_4.5
ipa-server-selinux-0:3.0.0-37.el6_5.1
ipa-server-selinux-0:3.0.0-42.el6_6.1
ipa-server-trust-ad-0:3.0.0-26.el6_4.5
ipa-server-trust-ad-0:3.0.0-37.el6_5.1
ipa-server-trust-ad-0:3.0.0-42.el6_6.1
ldb-tools-0:1.1.25-2.el6_2
ldb-tools-0:1.1.25-2.el6_4
ldb-tools-0:1.1.25-2.el6_5
ldb-tools-0:1.1.25-2.el6_6
libipa_hbac-0:1.5.1-66.el6_2.5
libipa_hbac-0:1.9.2-129.el6_5.7
libipa_hbac-0:1.9.2-82.12.el6_4
libipa_hbac-devel-0:1.5.1-66.el6_2.5
libipa_hbac-devel-0:1.9.2-129.el6_5.7
libipa_hbac-devel-0:1.9.2-82.12.el6_4
libipa_hbac-python-0:1.5.1-66.el6_2.5
libipa_hbac-python-0:1.9.2-129.el6_5.7
libipa_hbac-python-0:1.9.2-82.12.el6_4
libldb-0:1.1.25-2.el6_2
libldb-0:1.1.25-2.el6_4
libldb-0:1.1.25-2.el6_5
libldb-0:1.1.25-2.el6_6
libldb-debuginfo-0:1.1.25-2.el6_2
libldb-debuginfo-0:1.1.25-2.el6_4
libldb-debuginfo-0:1.1.25-2.el6_5
libldb-debuginfo-0:1.1.25-2.el6_6
libldb-devel-0:1.1.25-2.el6_2
libldb-devel-0:1.1.25-2.el6_4
libldb-devel-0:1.1.25-2.el6_5
libldb-devel-0:1.1.25-2.el6_6
libsss_autofs-0:1.9.2-129.el6_5.7
libsss_autofs-0:1.9.2-82.12.el6_4
libsss_idmap-0:1.9.2-129.el6_5.7
libsss_idmap-0:1.9.2-82.12.el6_4
libsss_idmap-devel-0:1.9.2-129.el6_5.7
libsss_idmap-devel-0:1.9.2-82.12.el6_4
libsss_sudo-0:1.9.2-129.el6_5.7
libsss_sudo-0:1.9.2-82.12.el6_4
libsss_sudo-devel-0:1.9.2-129.el6_5.7
libsss_sudo-devel-0:1.9.2-82.12.el6_4
openchange-0:1.0-1.el6_2
openchange-0:1.0-5.el6_4
openchange-0:1.0-7.el6_5
openchange-0:1.0-7.el6_6
openchange-client-0:1.0-1.el6_2
openchange-client-0:1.0-5.el6_4
openchange-client-0:1.0-7.el6_5
openchange-client-0:1.0-7.el6_6
openchange-debuginfo-0:1.0-1.el6_2
openchange-debuginfo-0:1.0-5.el6_4
openchange-debuginfo-0:1.0-7.el6_5
openchange-debuginfo-0:1.0-7.el6_6
openchange-devel-0:1.0-1.el6_2
openchange-devel-0:1.0-5.el6_4
openchange-devel-0:1.0-7.el6_5
openchange-devel-0:1.0-7.el6_6
openchange-devel-docs-0:1.0-1.el6_2
openchange-devel-docs-0:1.0-5.el6_4
openchange-devel-docs-0:1.0-7.el6_5
openchange-devel-docs-0:1.0-7.el6_6
pyldb-0:1.1.25-2.el6_2
pyldb-0:1.1.25-2.el6_4
pyldb-0:1.1.25-2.el6_5
pyldb-0:1.1.25-2.el6_6
pyldb-devel-0:1.1.25-2.el6_2
pyldb-devel-0:1.1.25-2.el6_4
pyldb-devel-0:1.1.25-2.el6_5
pyldb-devel-0:1.1.25-2.el6_6
samba4-0:4.2.10-6.el6_2
samba4-0:4.2.10-6.el6_4
samba4-0:4.2.10-6.el6_5
samba4-0:4.2.10-6.el6_6
samba4-client-0:4.2.10-6.el6_4
samba4-client-0:4.2.10-6.el6_5
samba4-client-0:4.2.10-6.el6_6
samba4-common-0:4.2.10-6.el6_4
samba4-common-0:4.2.10-6.el6_5
samba4-common-0:4.2.10-6.el6_6
samba4-dc-0:4.2.10-6.el6_4
samba4-dc-0:4.2.10-6.el6_5
samba4-dc-0:4.2.10-6.el6_6
samba4-dc-libs-0:4.2.10-6.el6_4
samba4-dc-libs-0:4.2.10-6.el6_5
samba4-dc-libs-0:4.2.10-6.el6_6
samba4-debuginfo-0:4.2.10-6.el6_2
samba4-debuginfo-0:4.2.10-6.el6_4
samba4-debuginfo-0:4.2.10-6.el6_5
samba4-debuginfo-0:4.2.10-6.el6_6
samba4-devel-0:4.2.10-6.el6_2
samba4-devel-0:4.2.10-6.el6_4
samba4-devel-0:4.2.10-6.el6_5
samba4-devel-0:4.2.10-6.el6_6
samba4-libs-0:4.2.10-6.el6_2
samba4-libs-0:4.2.10-6.el6_4
samba4-libs-0:4.2.10-6.el6_5
samba4-libs-0:4.2.10-6.el6_6
samba4-pidl-0:4.2.10-6.el6_2
samba4-pidl-0:4.2.10-6.el6_4
samba4-pidl-0:4.2.10-6.el6_5
samba4-pidl-0:4.2.10-6.el6_6
samba4-python-0:4.2.10-6.el6_4
samba4-python-0:4.2.10-6.el6_5
samba4-python-0:4.2.10-6.el6_6
samba4-test-0:4.2.10-6.el6_4
samba4-test-0:4.2.10-6.el6_5
samba4-test-0:4.2.10-6.el6_6
samba4-winbind-0:4.2.10-6.el6_4
samba4-winbind-0:4.2.10-6.el6_5
samba4-winbind-0:4.2.10-6.el6_6
samba4-winbind-clients-0:4.2.10-6.el6_4
samba4-winbind-clients-0:4.2.10-6.el6_5
samba4-winbind-clients-0:4.2.10-6.el6_6
samba4-winbind-krb5-locator-0:4.2.10-6.el6_4
samba4-winbind-krb5-locator-0:4.2.10-6.el6_5
samba4-winbind-krb5-locator-0:4.2.10-6.el6_6
sssd-0:1.5.1-66.el6_2.5
sssd-0:1.9.2-129.el6_5.7
sssd-0:1.9.2-82.12.el6_4
sssd-client-0:1.5.1-66.el6_2.5
sssd-client-0:1.9.2-129.el6_5.7
sssd-client-0:1.9.2-82.12.el6_4
sssd-debuginfo-0:1.5.1-66.el6_2.5
sssd-debuginfo-0:1.9.2-129.el6_5.7
sssd-debuginfo-0:1.9.2-82.12.el6_4
sssd-tools-0:1.5.1-66.el6_2.5
sssd-tools-0:1.9.2-129.el6_5.7
sssd-tools-0:1.9.2-82.12.el6_4

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References