Vulnerabilities > CVE-2018-1057 - Incorrect Authorization vulnerability in multiple products

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1754-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(123959);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/23");

  script_cve_id("CVE-2017-9461", "CVE-2018-1050", "CVE-2018-1057", "CVE-2019-3880");

  script_name(english:"Debian DLA-1754-1 : samba security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Various vulnerabilities were discovered in Samba, SMB/CIFS file,
print, and login server/client for Unix

CVE-2017-9461

smbd in Samba had a denial of service vulnerability (fd_open_atomic
infinite loop with high CPU usage and memory consumption) due to
wrongly handling dangling symlinks.

CVE-2018-1050

Samba was vulnerable to a denial of service attack when the RPC
spoolss service was configured to be run as an external daemon.
Missing input sanitization checks on some of the input parameters to
spoolss RPC calls could have caused the print spooler service to
crash.

CVE-2018-1057

On a Samba 4 AD DC the LDAP server of Samba incorrectly validated
permissions to modify passwords over LDAP allowing authenticated users
to change any other users' passwords, including administrative users
and privileged service accounts (eg Domain Controllers).

Thanks to the Ubuntu security team for having backported the
rather invasive changeset to Samba in Ubuntu 14.04 (which we
could use to patch Samba in Debian jessie LTS).

CVE-2019-3880

A flaw was found in the way Samba implemented an RPC endpoint
emulating the Windows registry service API. An unprivileged attacker
could have used this flaw to create a new registry hive file anywhere
they had unix permissions which could have lead to creation of a new
file in the Samba share.

For Debian 8 'Jessie', these problems have been fixed in version
2:4.2.14+dfsg-0+deb8u12.

We recommend that you upgrade your samba packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/samba"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libparse-pidl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;
if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4135. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108304);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/13 12:30:46");

  script_cve_id("CVE-2018-1050", "CVE-2018-1057");
  script_xref(name:"DSA", value:"4135");

  script_name(english:"Debian DSA-4135-1 : samba - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in Samba, a SMB/CIFS
file, print, and login server for Unix. The Common Vulnerabilities and
Exposures project identifies the following issues :

  - CVE-2018-1050
    It was discovered that Samba is prone to a denial of
    service attack when the RPC spoolss service is
    configured to be run as an external daemon.

    https://www.samba.org/samba/security/CVE-2018-1050.html

  - CVE-2018-1057
    Bjoern Baumbach from Sernet discovered that on Samba 4
    AD DC the LDAP server incorrectly validates permissions
    to modify passwords over LDAP allowing authenticated
    users to change any other users passwords, including
    administrative users.

    https://www.samba.org/samba/security/CVE-2018-1057.html

    https://wiki.samba.org/index.php/CVE-2018-1057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2018-1050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/security/CVE-2018-1050.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2018-1057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/security/CVE-2018-1057.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://wiki.samba.org/index.php/CVE-2018-1057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/samba"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/samba"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2018/dsa-4135"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the samba packages.

For the oldstable distribution (jessie), CVE-2018-1050 will be
addressed in a later update. Unfortunately the changes required to fix
CVE-2018-1057 for Debian oldstable are too invasive to be backported.
Users using Samba as an AD-compatible domain controller are encouraged
to apply the workaround described in the Samba wiki and upgrade to
Debian stretch.

For the stable distribution (stretch), these problems have been fixed
in version 2:4.5.12+dfsg-2+deb9u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"ctdb", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libnss-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libpam-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libparse-pidl-perl", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libsmbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libsmbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libwbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"libwbclient0", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"python-samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"registry-tools", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-common", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-common-bin", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-dsdb-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-libs", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-testsuite", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"samba-vfs-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"smbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;
if (deb_check(release:"9.0", prefix:"winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-649.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(110593);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-1057");

  script_name(english:"openSUSE Security Update : samba (openSUSE-2018-649)");
  script_summary(english:"Check for the openSUSE-2018-649 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Samba was updated to 4.6.14, fixing bugs and security issues :

Version update to 4.6.14 (bsc#1093664) :

  + vfs_ceph: add fake async pwrite/pread send/recv hooks;
    (bso#13425).

  + Fix memory leak in vfs_ceph; (bso#13424).

  + winbind: avoid using fstrcpy(dcname,...) in
    _dual_init_connection; (bso#13294).

  + s3:smb2_server: correctly maintain request counters for
    compound requests; (bso#13215).

  + s3: smbd: Unix extensions attempts to change wrong field
    in fchown call; (bso#13375).

  + s3:smbd: map nterror on smb2_flush errorpath;
    (bso#13338).

  + vfs_glusterfs: Fix the wrong pointer being sent in
    glfs_fsync_async; (bso#13297).

  + s3: smbd: Fix possible directory fd leak if the
    underlying OS doesn't support fdopendir(); (bso#13270).

  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get
    freed on error, we don't own it here; (bso#13244).

  + s3:libsmb: allow -U'\\administrator' to work;
    (bso#13206).

  + CVE-2018-1057: s4:dsdb: fix unprivileged password
    changes; (bso#13272); (bsc#1081024).

  + s3:smbd: Do not crash if we fail to init the session
    table; (bso#13315).

  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;
    (bso#13310).

  + smbXcli: Add 'force_channel_sequence'; (bso#13215).

  + smbd: Fix channel sequence number checks for
    long-running requests; (bso#13215).

  + s3:smb2_server: allow logoff, close, unlock, cancel and
    echo on expired sessions; (bso#13197).

  + s3:smbd: return the correct error for cancelled SMB2
    notifies on expired sessions; (bso#13197).

  + samba: Only use async signal-safe functions in signal
    handler; (bso#13240).

  + subnet: Avoid a segfault when renaming subnet objects;
    (bso#13031).

  - Fix vfs_ceph with 'aio read size' or 'aio write size' >
    0; (bsc#1093664).

  + vfs_ceph: add fake async pwrite/pread send/recv hooks;
    (bso#13425).

  + Fix memory leak in vfs_ceph; (bso#13424).

This update was imported from the SUSE:SLE-12-SP3:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093664"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected samba packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-core-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-pidl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"ctdb-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ctdb-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ctdb-tests-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"ctdb-tests-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libnetapi-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libnetapi0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamdb-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamdb0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libwbclient-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libwbclient0-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-client-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-core-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-libs-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-pidl-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-python-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-python-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-test-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-test-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-winbind-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-samr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-policy0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-policy0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-ceph-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-ceph-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-debuginfo / ctdb-tests / ctdb-tests-debuginfo / etc");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108378);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2018-1050", "CVE-2018-1057");
  script_bugtraq_id(103382, 103387);

  script_name(english:"Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is 4.5.x prior to
4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. It is,
therefore, affected by a remote DoS and a remote password manipulation
vulnerability.

Note: Refer to the advisories for possible workarounds.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1050.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1057.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.5.16.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.6.14.html");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.7.6.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 4.5.16 / 4.6.14 / 4.7.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_kb_item("SMB/transport");
if (!port) port = 445;

lanman = get_kb_item_or_exit("SMB/NativeLanManager");

if ("Samba " >!< lanman) audit(AUDIT_NOT_LISTEN, "Samba", port);

version = lanman - 'Samba ';

if (version =~ "^4(\.[5-9])?$")
  audit(AUDIT_VER_NOT_GRANULAR, "Samba", port, version);

fix = NULL;

regexes = make_array(-2, "a(\d+)", -1, "rc(\d+)");

# Affected :
# Note versions prior to 4.6 are EoL
# https://wiki.samba.org/index.php/Samba_Release_Planning
#
# We are including a 4.5.x check because they did release 4.5.16
# 4.5.x < 4.5.16
# 4.6.x < 4.6.14
# 4.7.x < 4.7.6
if (version =~ "^4\.5\.")
  fix = '4.5.16';
else if (version =~ "^4\.6\.")
  fix = '4.6.14';
else if (version =~ "^4\.7\.")
  fix = '4.7.6';

if ( !isnull(fix) &&
     (ver_compare(ver:version, fix:fix, regexes:regexes) < 0) &&
     (ver_compare(ver:version, fix:'4.0.0', regexes:regexes) >= 0) )
{
  report = '\n  Installed version : ' + version +
           '\n  Fixed version     : ' + fix +
           '\n';
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Samba", port, version);

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include("compat.inc");

if (description)
{
  script_id(108316);
  script_version("1.5");
  script_cvs_date("Date: 2018/11/10 11:49:47");

  script_cve_id("CVE-2018-1050", "CVE-2018-1057");

  script_name(english:"FreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The samba project reports :

Missing NULL pointer checks may crash the external print server
process.

On a Samba 4 AD DC any authenticated user can change other user's
passwords over LDAP, including the passwords of administrative users
and service accounts."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/security/CVE-2018-1050.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/security/CVE-2018-1057.html"
  );
  # https://vuxml.freebsd.org/freebsd/fb26f78a-26a9-11e8-a1c2-00505689d4ae.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a566c41f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba45");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba46");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba47");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"samba44<4.4.17")) flag++;
if (pkg_test(save_report:TRUE, pkg:"samba45<4.5.16")) flag++;
if (pkg_test(save_report:TRUE, pkg:"samba46<4.6.14")) flag++;
if (pkg_test(save_report:TRUE, pkg:"samba47<4.7.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3595-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108335);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2018-1050", "CVE-2018-1057");
  script_xref(name:"USN", value:"3595-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Bjorn Baumbach discovered that Samba incorrectly validated
permissions when changing account passwords via LDAP. An authenticated
attacker could use this issue to change the password of other users,
including administrators, and perform actions as those users.
(CVE-2018-1057)

It was discovered that Samba incorrectly validated inputs to the RPC
spoolss service. An authenticated attacker could use this issue to
cause the service to crash, resulting in a denial of service.
(CVE-2018-1050).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3595-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected samba and / or samba-dsdb-modules packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"samba", pkgver:"2:4.3.11+dfsg-0ubuntu0.14.04.14")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"samba-dsdb-modules", pkgver:"2:4.3.11+dfsg-0ubuntu0.14.04.14")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"samba", pkgver:"2:4.3.11+dfsg-0ubuntu0.16.04.13")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"samba-dsdb-modules", pkgver:"2:4.3.11+dfsg-0ubuntu0.16.04.13")) flag++;
if (ubuntu_check(osver:"17.10", pkgname:"samba", pkgver:"2:4.6.7+dfsg-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"17.10", pkgname:"samba-dsdb-modules", pkgver:"2:4.6.7+dfsg-1ubuntu3.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-dsdb-modules");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-c5c651ac44.
#

include("compat.inc");

if (description)
{
  script_id(108349);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2018-1050", "CVE-2018-1057");
  script_xref(name:"FEDORA", value:"2018-c5c651ac44");

  script_name(english:"Fedora 27 : 2:samba / libldb (2018-c5c651ac44)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security fix for CVE-2018-1050 CVE-2018-1057

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5c651ac44"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected 2:samba and / or libldb packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libldb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC27", reference:"samba-4.7.6-0.fc27", epoch:"2")) flag++;
if (rpm_check(release:"FC27", reference:"libldb-1.3.2-1.fc27")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba / libldb");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201805-07.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(109974);
  script_version("1.4");
  script_cvs_date("Date: 2019/04/08 10:48:58");

  script_cve_id("CVE-2016-2119", "CVE-2017-14746", "CVE-2017-15275", "CVE-2017-7494", "CVE-2018-1050", "CVE-2018-1057");
  script_xref(name:"GLSA", value:"201805-07");

  script_name(english:"GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201805-07
(Samba: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Samba. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could possibly execute arbitrary code, cause a Denial
      of Service condition, conduct a man-in-the-middle attack, or obtain
      sensitive information.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201805-07"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Samba users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-fs/samba-4.5.16'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba is_known_pipename() Arbitrary Module Load');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 4.5.16"), vulnerable:make_list("lt 4.5.16"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2018-072-02. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108303);
  script_version("1.3");
  script_cvs_date("Date: 2018/09/04 13:20:08");

  script_cve_id("CVE-2018-1057");
  script_xref(name:"SSA", value:"2018-072-02");

  script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2018-072-02)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New samba packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security a issue."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.449448
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f60c679e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected samba package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"14.0", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i486", pkgnum:"3_slack14.0")) flag++;
if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.0")) flag++;

if (slackware_check(osver:"14.1", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i486", pkgnum:"3_slack14.1")) flag++;
if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.1")) flag++;

if (slackware_check(osver:"14.2", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i586", pkgnum:"3_slack14.2")) flag++;
if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.2")) flag++;

if (slackware_check(osver:"current", pkgname:"samba", pkgver:"4.7.6", pkgarch:"i586", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"samba", pkgver:"4.7.6", pkgarch:"x86_64", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1687-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(110531);
  script_version("1.4");
  script_cvs_date("Date: 2019/09/10 13:51:48");

  script_cve_id("CVE-2018-1057");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Samba was updated to 4.6.14, fixing bugs and security issues: Version
update to 4.6.14 (bsc#1093664) :

  + vfs_ceph: add fake async pwrite/pread send/recv hooks;
    (bso#13425).

  + Fix memory leak in vfs_ceph; (bso#13424).

  + winbind: avoid using fstrcpy(dcname,...) in
    _dual_init_connection; (bso#13294).

  + s3:smb2_server: correctly maintain request counters for
    compound requests; (bso#13215).

  + s3: smbd: Unix extensions attempts to change wrong field
    in fchown call; (bso#13375).

  + s3:smbd: map nterror on smb2_flush errorpath;
    (bso#13338).

  + vfs_glusterfs: Fix the wrong pointer being sent in
    glfs_fsync_async; (bso#13297).

  + s3: smbd: Fix possible directory fd leak if the
    underlying OS doesn't support fdopendir(); (bso#13270).

  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get
    freed on error, we don't own it here; (bso#13244).

  + s3:libsmb: allow -U'\\administrator' to work;
    (bso#13206).

  + CVE-2018-1057: s4:dsdb: fix unprivileged password
    changes; (bso#13272); (bsc#1081024).

  + s3:smbd: Do not crash if we fail to init the session
    table; (bso#13315).

  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02;
    (bso#13310).

  + smbXcli: Add 'force_channel_sequence'; (bso#13215).

  + smbd: Fix channel sequence number checks for
    long-running requests; (bso#13215).

  + s3:smb2_server: allow logoff, close, unlock, cancel and
    echo on expired sessions; (bso#13197).

  + s3:smbd: return the correct error for cancelled SMB2
    notifies on expired sessions; (bso#13197).

  + samba: Only use async signal-safe functions in signal
    handler; (bso#13240).

  + subnet: Avoid a segfault when renaming subnet objects;
    (bso#13031).

  - Fix vfs_ceph with 'aio read size' or 'aio write size' >
    0; (bsc#1093664).

  + vfs_ceph: add fake async pwrite/pread send/recv hooks;
    (bso#13425).

  + Fix memory leak in vfs_ceph; (bso#13424).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1081024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1093664"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-1057/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181687-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5fce8919"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-1132=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-1132=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
SUSE-SLE-HA-12-SP3-2018-1132=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-1132=1

SUSE Enterprise Storage 5:zypper in -t patch
SUSE-Storage-5-2018-1132=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
}