Vulnerabilities > CVE-2018-1057 - Incorrect Authorization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1754.NASL description Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. CVE-2018-1050 Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash. CVE-2018-1057 On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users last seen 2020-06-01 modified 2020-06-02 plugin id 123959 published 2019-04-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123959 title Debian DLA-1754-1 : samba security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1754-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(123959); script_version("1.4"); script_cvs_date("Date: 2020/01/23"); script_cve_id("CVE-2017-9461", "CVE-2018-1050", "CVE-2018-1057", "CVE-2019-3880"); script_name(english:"Debian DLA-1754-1 : samba security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Various vulnerabilities were discovered in Samba, SMB/CIFS file, print, and login server/client for Unix CVE-2017-9461 smbd in Samba had a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. CVE-2018-1050 Samba was vulnerable to a denial of service attack when the RPC spoolss service was configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could have caused the print spooler service to crash. CVE-2018-1057 On a Samba 4 AD DC the LDAP server of Samba incorrectly validated permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). Thanks to the Ubuntu security team for having backported the rather invasive changeset to Samba in Ubuntu 14.04 (which we could use to patch Samba in Debian jessie LTS). CVE-2019-3880 A flaw was found in the way Samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could have used this flaw to create a new registry hive file anywhere they had unix permissions which could have lead to creation of a new file in the Samba share. For Debian 8 'Jessie', these problems have been fixed in version 2:4.2.14+dfsg-0+deb8u12. We recommend that you upgrade your samba packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/samba" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libparse-pidl-perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbsharemodes0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:registry-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dsdb-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-testsuite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-vfs-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.14+dfsg-0+deb8u12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4135.NASL description Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. https://www.samba.org/samba/security/CVE-2018-1050.html - CVE-2018-1057 Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users. https://www.samba.org/samba/security/CVE-2018-1057.html https://wiki.samba.org/index.php/CVE-2018-1057 last seen 2020-06-01 modified 2020-06-02 plugin id 108304 published 2018-03-14 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108304 title Debian DSA-4135-1 : samba - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4135. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(108304); script_version("1.6"); script_cvs_date("Date: 2018/11/13 12:30:46"); script_cve_id("CVE-2018-1050", "CVE-2018-1057"); script_xref(name:"DSA", value:"4135"); script_name(english:"Debian DSA-4135-1 : samba - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2018-1050 It was discovered that Samba is prone to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. https://www.samba.org/samba/security/CVE-2018-1050.html - CVE-2018-1057 Bjoern Baumbach from Sernet discovered that on Samba 4 AD DC the LDAP server incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users passwords, including administrative users. https://www.samba.org/samba/security/CVE-2018-1057.html https://wiki.samba.org/index.php/CVE-2018-1057" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-1050" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1050.html" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-1057" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1057.html" ); script_set_attribute( attribute:"see_also", value:"https://wiki.samba.org/index.php/CVE-2018-1057" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/samba" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/samba" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4135" ); script_set_attribute( attribute:"solution", value: "Upgrade the samba packages. For the oldstable distribution (jessie), CVE-2018-1050 will be addressed in a later update. Unfortunately the changes required to fix CVE-2018-1057 for Debian oldstable are too invasive to be backported. Users using Samba as an AD-compatible domain controller are encouraged to apply the workaround described in the Samba wiki and upgrade to Debian stretch. For the stable distribution (stretch), these problems have been fixed in version 2:4.5.12+dfsg-2+deb9u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"ctdb", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libnss-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libpam-winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libparse-pidl-perl", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libsmbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libsmbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libwbclient-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"libwbclient0", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"python-samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"registry-tools", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-common", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-common-bin", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-dev", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-dsdb-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-libs", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-testsuite", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"samba-vfs-modules", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"smbclient", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (deb_check(release:"9.0", prefix:"winbind", reference:"2:4.5.12+dfsg-2+deb9u2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-649.NASL description Samba was updated to 4.6.14, fixing bugs and security issues : Version update to 4.6.14 (bsc#1093664) : + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn last seen 2020-06-05 modified 2018-06-18 plugin id 110593 published 2018-06-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110593 title openSUSE Security Update : samba (openSUSE-2018-649) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-649. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(110593); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1057"); script_name(english:"openSUSE Security Update : samba (openSUSE-2018-649)"); script_summary(english:"Check for the openSUSE-2018-649 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Samba was updated to 4.6.14, fixing bugs and security issues : Version update to 4.6.14 (bsc#1093664) : + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270). + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244). + s3:libsmb: allow -U'\\administrator' to work; (bso#13206). + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024). + s3:smbd: Do not crash if we fail to init the session table; (bso#13315). + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + smbXcli: Add 'force_channel_sequence'; (bso#13215). + smbd: Fix channel sequence number checks for long-running requests; (bso#13215). + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197). + s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197). + samba: Only use async signal-safe functions in signal handler; (bso#13240). + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). - Fix vfs_ceph with 'aio read size' or 'aio write size' > 0; (bsc#1093664). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). This update was imported from the SUSE:SLE-12-SP3:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081024" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093664" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"ctdb-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ctdb-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ctdb-tests-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ctdb-tests-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc-samr0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libnetapi-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libnetapi0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-policy0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamdb-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamdb0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwbclient-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwbclient0-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-client-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-core-devel-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-libs-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-pidl-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-python-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-python-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-test-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-test-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-winbind-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc-samr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-policy0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-policy0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-ceph-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-ceph-debuginfo-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-15.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-debuginfo / ctdb-tests / ctdb-tests-debuginfo / etc"); }
NASL family Misc. NASL id SAMBA_4_7_6.NASL description The version of Samba running on the remote host is 4.5.x prior to 4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. It is, therefore, affected by a remote DoS and a remote password manipulation vulnerability. Note: Refer to the advisories for possible workarounds. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 108378 published 2018-03-15 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108378 title Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(108378); script_version("1.4"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-1050", "CVE-2018-1057"); script_bugtraq_id(103382, 103387); script_name(english:"Samba 4.5.x < 4.5.16 / 4.6.x < 4.6.14 / 4.7.x < 4.7.6 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Samba."); script_set_attribute(attribute:"synopsis", value: "The remote Samba server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Samba running on the remote host is 4.5.x prior to 4.5.16, or 4.6.x prior to 4.6.14, or 4.7.x prior to 4.7.6. It is, therefore, affected by a remote DoS and a remote password manipulation vulnerability. Note: Refer to the advisories for possible workarounds. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1050.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1057.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.5.16.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.6.14.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-4.7.6.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Samba version 4.5.16 / 4.6.14 / 4.7.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1057"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_kb_item("SMB/transport"); if (!port) port = 445; lanman = get_kb_item_or_exit("SMB/NativeLanManager"); if ("Samba " >!< lanman) audit(AUDIT_NOT_LISTEN, "Samba", port); version = lanman - 'Samba '; if (version =~ "^4(\.[5-9])?$") audit(AUDIT_VER_NOT_GRANULAR, "Samba", port, version); fix = NULL; regexes = make_array(-2, "a(\d+)", -1, "rc(\d+)"); # Affected : # Note versions prior to 4.6 are EoL # https://wiki.samba.org/index.php/Samba_Release_Planning # # We are including a 4.5.x check because they did release 4.5.16 # 4.5.x < 4.5.16 # 4.6.x < 4.6.14 # 4.7.x < 4.7.6 if (version =~ "^4\.5\.") fix = '4.5.16'; else if (version =~ "^4\.6\.") fix = '4.6.14'; else if (version =~ "^4\.7\.") fix = '4.7.6'; if ( !isnull(fix) && (ver_compare(ver:version, fix:fix, regexes:regexes) < 0) && (ver_compare(ver:version, fix:'4.0.0', regexes:regexes) >= 0) ) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); } else audit(AUDIT_LISTEN_NOT_VULN, "Samba", port, version);
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FB26F78A26A911E8A1C200505689D4AE.NASL description The samba project reports : Missing NULL pointer checks may crash the external print server process. On a Samba 4 AD DC any authenticated user can change other user last seen 2020-06-01 modified 2020-06-02 plugin id 108316 published 2018-03-14 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108316 title FreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(108316); script_version("1.5"); script_cvs_date("Date: 2018/11/10 11:49:47"); script_cve_id("CVE-2018-1050", "CVE-2018-1057"); script_name(english:"FreeBSD : samba -- multiple vulnerabilities (fb26f78a-26a9-11e8-a1c2-00505689d4ae)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The samba project reports : Missing NULL pointer checks may crash the external print server process. On a Samba 4 AD DC any authenticated user can change other user's passwords over LDAP, including the passwords of administrative users and service accounts." ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1050.html" ); script_set_attribute( attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1057.html" ); # https://vuxml.freebsd.org/freebsd/fb26f78a-26a9-11e8-a1c2-00505689d4ae.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a566c41f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba44"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba45"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba46"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba47"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba44<4.4.17")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba45<4.5.16")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba46<4.6.14")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba47<4.7.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3595-1.NASL description Bjorn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. (CVE-2018-1050). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108335 published 2018-03-14 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108335 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3595-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(108335); script_version("1.6"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2018-1050", "CVE-2018-1057"); script_xref(name:"USN", value:"3595-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : samba vulnerabilities (USN-3595-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Bjorn Baumbach discovered that Samba incorrectly validated permissions when changing account passwords via LDAP. An authenticated attacker could use this issue to change the password of other users, including administrators, and perform actions as those users. (CVE-2018-1057) It was discovered that Samba incorrectly validated inputs to the RPC spoolss service. An authenticated attacker could use this issue to cause the service to crash, resulting in a denial of service. (CVE-2018-1050). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3595-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected samba and / or samba-dsdb-modules packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"samba", pkgver:"2:4.3.11+dfsg-0ubuntu0.14.04.14")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"samba-dsdb-modules", pkgver:"2:4.3.11+dfsg-0ubuntu0.14.04.14")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"samba", pkgver:"2:4.3.11+dfsg-0ubuntu0.16.04.13")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"samba-dsdb-modules", pkgver:"2:4.3.11+dfsg-0ubuntu0.16.04.13")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"samba", pkgver:"2:4.6.7+dfsg-1ubuntu3.2")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"samba-dsdb-modules", pkgver:"2:4.6.7+dfsg-1ubuntu3.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba / samba-dsdb-modules"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-C5C651AC44.NASL description Security fix for CVE-2018-1050 CVE-2018-1057 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-15 plugin id 108349 published 2018-03-15 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108349 title Fedora 27 : 2:samba / libldb (2018-c5c651ac44) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-c5c651ac44. # include("compat.inc"); if (description) { script_id(108349); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1050", "CVE-2018-1057"); script_xref(name:"FEDORA", value:"2018-c5c651ac44"); script_name(english:"Fedora 27 : 2:samba / libldb (2018-c5c651ac44)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-1050 CVE-2018-1057 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5c651ac44" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba and / or libldb packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libldb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"samba-4.7.6-0.fc27", epoch:"2")) flag++; if (rpm_check(release:"FC27", reference:"libldb-1.3.2-1.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba / libldb"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201805-07.NASL description The remote host is affected by the vulnerability described in GLSA-201805-07 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 109974 published 2018-05-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109974 title GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201805-07. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(109974); script_version("1.4"); script_cvs_date("Date: 2019/04/08 10:48:58"); script_cve_id("CVE-2016-2119", "CVE-2017-14746", "CVE-2017-15275", "CVE-2017-7494", "CVE-2018-1050", "CVE-2018-1057"); script_xref(name:"GLSA", value:"201805-07"); script_name(english:"GLSA-201805-07 : Samba: Multiple vulnerabilities (SambaCry)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201805-07 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201805-07" ); script_set_attribute( attribute:"solution", value: "All Samba users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-4.5.16'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba is_known_pipename() Arbitrary Module Load'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 4.5.16"), vulnerable:make_list("lt 4.5.16"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba"); }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-072-02.NASL description New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security a issue. last seen 2020-06-01 modified 2020-06-02 plugin id 108303 published 2018-03-14 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108303 title Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2018-072-02) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2018-072-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(108303); script_version("1.3"); script_cvs_date("Date: 2018/09/04 13:20:08"); script_cve_id("CVE-2018-1057"); script_xref(name:"SSA", value:"2018-072-02"); script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : samba (SSA:2018-072-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security a issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.449448 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f60c679e" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.0", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i486", pkgnum:"3_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.0")) flag++; if (slackware_check(osver:"14.1", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i486", pkgnum:"3_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.1")) flag++; if (slackware_check(osver:"14.2", pkgname:"samba", pkgver:"4.4.16", pkgarch:"i586", pkgnum:"3_slack14.2")) flag++; if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"samba", pkgver:"4.4.16", pkgarch:"x86_64", pkgnum:"3_slack14.2")) flag++; if (slackware_check(osver:"current", pkgname:"samba", pkgver:"4.7.6", pkgarch:"i586", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"samba", pkgver:"4.7.6", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1687-1.NASL description Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 (bsc#1093664) : + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn last seen 2020-06-01 modified 2020-06-02 plugin id 110531 published 2018-06-14 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110531 title SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:1687-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(110531); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:48"); script_cve_id("CVE-2018-1057"); script_name(english:"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:1687-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 (bsc#1093664) : + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270). + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244). + s3:libsmb: allow -U'\\administrator' to work; (bso#13206). + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024). + s3:smbd: Do not crash if we fail to init the session table; (bso#13315). + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + smbXcli: Add 'force_channel_sequence'; (bso#13215). + smbd: Fix channel sequence number checks for long-running requests; (bso#13215). + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197). + s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197). + samba: Only use async signal-safe functions in signal handler; (bso#13240). + subnet: Avoid a segfault when renaming subnet objects; (bso#13031). - Fix vfs_ceph with 'aio read size' or 'aio write size' > 0; (bsc#1093664). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081024" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1093664" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1057/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20181687-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5fce8919" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1132=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1132=1 SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2018-1132=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1132=1 SUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2018-1132=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc-binding0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libdcerpc0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-krb5pac0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-nbt0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr-standard0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libndr0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libnetapi0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-credentials0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-errors0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-hostconfig0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-passdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamba-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsamdb0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbconf0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libsmbldap0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libtevent-util0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libwbclient0-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-client-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-debugsource-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-libs-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-debuginfo-32bit-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"samba-winbind-debuginfo-4.6.14+git.150.1540e575faf-3.24.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-7D0ACD608B.NASL description Security fix for CVE-2018-1050 CVE-2018-1057 ---- Update to Samba 4.6.13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108501 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108501 title Fedora 26 : 2:samba (2018-7d0acd608b)
The Hacker News
id | THN:9AF63A5439FB2614532C19DFE04ACC6B |
last seen | 2018-03-13 |
modified | 2018-03-13 |
published | 2018-03-12 |
reporter | Mohit Kumar |
source | https://thehackernews.com/2018/03/samba-server-vulnerability.html |
title | Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities |
References
- http://www.securityfocus.com/bid/103382
- http://www.securityfocus.com/bid/103382
- http://www.securitytracker.com/id/1040494
- http://www.securitytracker.com/id/1040494
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://bugzilla.redhat.com/show_bug.cgi?id=1553553
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html
- https://security.gentoo.org/glsa/201805-07
- https://security.gentoo.org/glsa/201805-07
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://security.netapp.com/advisory/ntap-20180313-0001/
- https://usn.ubuntu.com/3595-1/
- https://usn.ubuntu.com/3595-1/
- https://www.debian.org/security/2018/dsa-4135
- https://www.debian.org/security/2018/dsa-4135
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.samba.org/samba/security/CVE-2018-1057.html
- https://www.synology.com/support/security/Synology_SA_18_08
- https://www.synology.com/support/security/Synology_SA_18_08