Vulnerabilities > CVE-2017-9461 - Infinite Loop vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1754.NASL description Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. CVE-2018-1050 Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash. CVE-2018-1057 On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users last seen 2020-06-01 modified 2020-06-02 plugin id 123959 published 2019-04-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123959 title Debian DLA-1754-1 : samba security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1754-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(123959); script_version("1.4"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2017-9461", "CVE-2018-1050", "CVE-2018-1057", "CVE-2019-3880"); script_name(english:"Debian DLA-1754-1 : samba security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. CVE-2018-1050 Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash. CVE-2018-1057 On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). Thanks to the Ubuntu security team for having backported the rather invasive changeset to Samba in Ubuntu 14.04 (which we could use to patch Samba in Debian jessie LTS). CVE-2019-3880 A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could have used this flaw to create a new registry hive file anywhere they had unix permissions which could have lead to creation of a new file in the Samba share. For Debian 8 'Jessie', these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u12. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/samba" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libparse-pidl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-1950.NASL description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102745 published 2017-08-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102745 title CentOS 7 : samba (CESA-2017:1950) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1950 and # CentOS Errata and Security Advisory 2017:1950 respectively. # include("compat.inc"); if (description) { script_id(102745); script_version("3.7"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2017-9461"); script_xref(name:"RHSA", value:"2017:1950"); script_name(english:"CentOS 7 : samba (CESA-2017:1950)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004532.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fea5b705" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9461"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-tests-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-tools-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-pidl-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-python-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-modules-4.6.2-8.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1950.NASL description An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102106 published 2017-08-02 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102106 title RHEL 7 : samba (RHSA-2017:1950) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:1950. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(102106); script_version("3.14"); script_cvs_date("Date: 2019/10/24 15:35:43"); script_cve_id("CVE-2017-9461"); script_xref(name:"RHSA", value:"2017:1950"); script_name(english:"RHEL 7 : samba (RHSA-2017:1950)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section." ); # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3395ff0b" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:1950" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-9461" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:1950"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ctdb-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ctdb-tests-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"libsmbclient-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"libsmbclient-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"libwbclient-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"libwbclient-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-client-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-client-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-client-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-common-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-common-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-common-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-common-tools-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-common-tools-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-dc-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-dc-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-dc-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-dc-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-debuginfo-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-devel-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-pidl-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-python-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-python-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-test-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-test-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-test-libs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"samba-winbind-modules-4.6.2-8.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc"); } }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1220.NASL description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103078 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103078 title EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1220) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-1950.NASL description From Red Hat Security Advisory 2017:1950 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 102290 published 2017-08-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102290 title Oracle Linux 7 : samba (ELSA-2017-1950) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2338.NASL description An update for samba is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. last seen 2020-06-01 modified 2020-06-02 plugin id 102156 published 2017-08-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102156 title RHEL 7 : Red Hat Gluster Storage (RHSA-2017:2338) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-2778.NASL description An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Bug Fix(es) : * In the samba configuration, by default the last seen 2020-06-01 modified 2020-06-02 plugin id 103453 published 2017-09-25 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103453 title RHEL 6 : Storage Server (RHSA-2017:2778) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3348-1.NASL description It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101262 published 2017-07-06 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101262 title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3348-1) NASL family Scientific Linux Local Security Checks NASL id SL_20170801_SAMBA_ON_SL7_X.NASL description The following packages have been upgraded to a later upstream version: samba (4.6.2). Security Fix(es) : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) last seen 2020-03-18 modified 2017-08-22 plugin id 102656 published 2017-08-22 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102656 title Scientific Linux Security Update : samba on SL7.x x86_64 (20170801) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1219.NASL description According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-09-11 plugin id 103077 published 2017-09-11 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103077 title EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1219)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://www.securityfocus.com/bid/99455
- http://www.securityfocus.com/bid/99455
- https://access.redhat.com/errata/RHSA-2017:1950
- https://access.redhat.com/errata/RHSA-2017:1950
- https://access.redhat.com/errata/RHSA-2017:2338
- https://access.redhat.com/errata/RHSA-2017:2338
- https://access.redhat.com/errata/RHSA-2017:2778
- https://access.redhat.com/errata/RHSA-2017:2778
- https://bugs.debian.org/864291
- https://bugs.debian.org/864291
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html