CVE-2017-9461 - Infinite Loop vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1754.NASL
description: Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix
CVE-2017-9461: smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVE-2018-1050: Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash.
CVE-2018-1057: On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 123959
published: 2019-04-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/123959
title: Debian DLA-1754-1 : samba security update
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1754-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(123959);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/23");

      script_cve_id("CVE-2017-9461", "CVE-2018-1050", "CVE-2018-1057", "CVE-2019-3880");

      script_name(english:"Debian DLA-1754-1 : samba security update");
      script_summary(english:"Checks dpkg output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Various vulnerabilities were discovered in Samba, SMB/CIFS file,
    print, and login server/client for Unix

    CVE-2017-9461

    smbd in Samba had a denial of service vulnerability (fd_open_atomic
    infinite loop with high CPU usage and memory consumption) due to
    wrongly handling dangling symlinks.

    CVE-2018-1050

    Samba was vulnerable to a denial of service attack when the RPC
    spoolss service was configured to be run as an external daemon.
    Missing input sanitization checks on some of the input parameters to
    spoolss RPC calls could have caused the print spooler service to
    crash.

    CVE-2018-1057

    On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
    permissions to modify passwords over LDAP allowing authenticated
    users to change any other users' passwords, including administrative
    users and privileged service accounts (eg Domain Controllers).

    Thanks to the Ubuntu security team for having backported the rather
    invasive changeset to Samba in Ubuntu 14.04 (which we could use to
    patch Samba in Debian jessie LTS).

    CVE-2019-3880

    A flaw was found in the way Samba implemented an RPC endpoint
    emulating the Windows registry service API. An unprivileged attacker
    could have used this flaw to create a new registry hive file anywhere
    they had unix permissions which could have lead to creation of a new
    file in the Samba share.

    For Debian 8 'Jessie', these problems have been fixed in version
    2:4.2.14+dfsg-0+deb8u12.

    We recommend that you upgrade your samba packages.

    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/samba"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libparse-pidl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
    if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2017-1950.NASL
description: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102745
published: 2017-08-25
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102745
title: CentOS 7 : samba (CESA-2017:1950)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:1950 and
    # CentOS Errata and Security Advisory 2017:1950 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102745);
      script_version("3.7");
      script_cvs_date("Date: 2019/12/31");

      script_cve_id("CVE-2017-9461");
      script_xref(name:"RHSA", value:"2017:1950");

      script_name(english:"CentOS 7 : samba (CESA-2017:1950)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for samba is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.

    Samba is an open source implementation of the Server Message Block
    (SMB) protocol and the related Common Internet File System (CIFS)
    protocol, which allow PC-compatible machines to share files, printers,
    and various information.

    The following packages have been upgraded to a later upstream version:
    samba (4.6.2). (BZ#1391954)

    Security Fix(es) :

    * A flaw was found in the way Samba handled dangling symlinks. An
    authenticated malicious Samba client could use this flaw to cause the
    smbd daemon to enter an infinite loop and use an excessive amount of
    CPU and memory. (CVE-2017-9461)

    Additional Changes :

    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.4 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004532.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fea5b705"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected samba packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9461");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-krb5-printing");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-tests-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-devel-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-devel-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-libs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-libs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-tools-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-libs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-devel-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-libs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-pidl-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-python-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-libs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-modules-4.6.2-8.el7")) flag++;

    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc");
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2017-1950.NASL
description: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102106
published: 2017-08-02
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102106
title: RHEL 7 : samba (RHSA-2017:1950)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:1950. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102106);
      script_version("3.14");
      script_cvs_date("Date: 2019/10/24 15:35:43");

      script_cve_id("CVE-2017-9461");
      script_xref(name:"RHSA", value:"2017:1950");

      script_name(english:"RHEL 7 : samba (RHSA-2017:1950)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for samba is now available for Red Hat Enterprise Linux 7.

    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.

    Samba is an open source implementation of the Server Message Block
    (SMB) protocol and the related Common Internet File System (CIFS)
    protocol, which allow PC-compatible machines to share files, printers,
    and various information.

    The following packages have been upgraded to a later upstream version:
    samba (4.6.2). (BZ#1391954)

    Security Fix(es) :

    * A flaw was found in the way Samba handled dangling symlinks. An
    authenticated malicious Samba client could use this flaw to cause the
    smbd daemon to enter an infinite loop and use an excessive amount of
    CPU and memory. (CVE-2017-9461)

    Additional Changes :

    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.4 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9461"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb-tests");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2017:1950";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ctdb-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ctdb-tests-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"libsmbclient-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"libsmbclient-devel-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"libwbclient-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"libwbclient-devel-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-client-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-client-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-client-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-common-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-common-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-common-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-common-tools-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-common-tools-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-dc-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-dc-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-dc-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-dc-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-debuginfo-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-devel-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-krb5-printing-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-pidl-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-python-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-python-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-test-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-test-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-test-libs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-clients-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.6.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"samba-winbind-modules-4.6.2-8.el7")) flag++;

      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc");
      }
    }

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2017-1220.NASL
description: According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-09-11
plugin id: 103078
published: 2017-09-11
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103078
title: EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1220)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2017-1950.NASL
description: From Red Hat Security Advisory 2017:1950 : An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954) Security Fix(es) : * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102290
published: 2017-08-09
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102290
title: Oracle Linux 7 : samba (ELSA-2017-1950)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2017-2338.NASL
description: An update for samba is now available for Red Hat Gluster Storage 3.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 102156
published: 2017-08-03
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102156
title: RHEL 7 : Red Hat Gluster Storage (RHSA-2017:2338)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2017-2778.NASL
description: An update for samba is now available for Red Hat Gluster Storage 3.3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix(es) : * A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619) * A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619. Bug Fix(es) : * In the samba configuration, by default the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 103453
published: 2017-09-25
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103453
title: RHEL 6 : Storage Server (RHSA-2017:2778)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3348-1.NASL
description: It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-9461) In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 101262
published: 2017-07-06
reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/101262
title: Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3348-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20170801_SAMBA_ON_SL7_X.NASL
description: The following packages have been upgraded to a later upstream version: samba (4.6.2). Security Fix(es) : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)
last seen: 2020-03-18
modified: 2017-08-22
plugin id: 102656
published: 2017-08-22
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/102656
title: Scientific Linux Security Update : samba on SL7.x x86_64 (20170801)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2017-1219.NASL
description: According to the version of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-09-11
plugin id: 103077
published: 2017-09-11
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/103077
title: EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1219)

References
- https://bugzilla.samba.org/show_bug.cgi?id=12572
- https://bugs.debian.org/864291
- http://www.securityfocus.com/bid/99455
- https://access.redhat.com/errata/RHSA-2017:2778
- https://access.redhat.com/errata/RHSA-2017:2338
- https://access.redhat.com/errata/RHSA-2017:1950
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310