Vulnerabilities > CVE-2018-10918 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Application | 23 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2318-1.NASL description This update for samba fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn last seen 2020-03-19 modified 2019-01-02 plugin id 120077 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120077 title SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2018:2318-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:2318-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(120077); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2018-10858", "CVE-2018-10918", "CVE-2018-10919", "CVE-2018-1139", "CVE-2018-1140"); script_name(english:"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2018:2318-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for samba fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048) - CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056) - CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057) - CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411) - CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095056" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1095057" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1103411" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1103414" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10858/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10918/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10919/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1139/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1140/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20182318-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9d1de0a9" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1555=1 SUSE Linux Enterprise High Availability 15:zypper in -t patch SUSE-SLE-Product-HA-15-2018-1555=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-samr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-policy-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-policy0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-binding0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-binding0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-samr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-samr0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc-samr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libdcerpc0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-krb5pac-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-krb5pac0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-krb5pac0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-nbt-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-nbt0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-nbt0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-standard-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-standard0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr-standard0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libndr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libnetapi-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libnetapi0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libnetapi0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-credentials-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-credentials0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-credentials0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-errors-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-errors0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-errors0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-hostconfig-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-hostconfig0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-hostconfig0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-passdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-passdb0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-passdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-policy-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-policy0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-util0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamba-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamdb0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsamdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbconf-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbconf0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbconf0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbldap-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbldap2-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libsmbldap2-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libtevent-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libtevent-util0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libtevent-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libwbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libwbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libwbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-client-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-client-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-core-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-libs-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-libs-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-winbind-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"samba-winbind-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-binding0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-binding0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-samr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-samr0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc-samr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libdcerpc0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-krb5pac-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-krb5pac0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-krb5pac0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-nbt-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-nbt0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-nbt0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-standard-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-standard0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr-standard0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libndr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libnetapi-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libnetapi0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libnetapi0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-credentials-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-credentials0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-credentials0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-errors-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-errors0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-errors0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-hostconfig-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-hostconfig0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-hostconfig0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-passdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-passdb0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-passdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-policy-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-policy0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-util0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamba-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamdb0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsamdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbconf-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbconf0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbconf0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbldap-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbldap2-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libsmbldap2-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libtevent-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libtevent-util0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libtevent-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libwbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libwbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libwbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-client-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-client-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-core-devel-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-libs-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-libs-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-winbind-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"samba-winbind-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }
NASL family Misc. NASL id SAMBA_4_6_15.NASL description The version of Samba running on the remote host is 4.6.x prior to 4.6.16, or 4.7.x prior to 4.7.9, or 4.8.x prior to 4.8.4. It is, therefore, affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 111974 published 2018-08-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111974 title 4.6.x < 4.6.16 / 4.7.x < 4.7.9 / 4.8.x < 4.8.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(111974); script_version("1.6"); script_cvs_date("Date: 2019/11/04"); script_cve_id( "CVE-2018-1139", "CVE-2018-1140", "CVE-2018-10858", "CVE-2018-10918", "CVE-2018-10919" ); script_bugtraq_id( 105081, 105082, 105083, 105084, 105085 ); script_name(english:"4.6.x < 4.6.16 / 4.7.x < 4.7.9 / 4.8.x < 4.8.4 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Samba."); script_set_attribute(attribute:"synopsis", value: "The remote Samba server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Samba running on the remote host is 4.6.x prior to 4.6.16, or 4.7.x prior to 4.7.9, or 4.8.x prior to 4.8.4. It is, therefore, affected by multiple vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1139.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-1140.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-10919.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-10918.html"); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/security/CVE-2018-10858.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Samba version 4.6.16 / 4.7.9 / 4.8.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10858"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/14"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_kb_item("SMB/transport"); if (!port) port = 445; lanman = get_kb_item_or_exit("SMB/NativeLanManager"); if ("Samba " >!< lanman) audit(AUDIT_NOT_LISTEN, "Samba", port); version = lanman - 'Samba '; if (version =~ "^4(\.[0-8])?$") audit(AUDIT_VER_NOT_GRANULAR, "Samba", port, version); fix = NULL; regexes = make_array(-2, "a(\d+)", -1, "rc(\d+)"); # Affected : # Note versions prior to 4.4 are EoL # 4.6.x < 4.6.16 # 4.7.x < 4.7.9 # 4.8.x < 4.8.4 if (version =~ "^4\.6\.") fix = '4.6.16'; else if (version =~ "^4\.7\.") fix = '4.7.9'; else if (version =~ "^4\.8\.") fix = '4.8.4'; if ( !isnull(fix) && (ver_compare(ver:version, fix:fix, regexes:regexes) < 0) && (ver_compare(ver:version, fix:'4.0.0', regexes:regexes) >= 0) ) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); } else audit(AUDIT_LISTEN_NOT_VULN, "Samba", port, version);
NASL family Fedora Local Security Checks NASL id FEDORA_2018-BC22D6C7BC.NASL description Update to Samba 4.8.4, Security fix for CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120746 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120746 title Fedora 28 : 2:samba / libldb (2018-bc22d6c7bc) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-bc22d6c7bc. # include("compat.inc"); if (description) { script_id(120746); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-10858", "CVE-2018-10918", "CVE-2018-10919", "CVE-2018-1139", "CVE-2018-1140"); script_xref(name:"FEDORA", value:"2018-bc22d6c7bc"); script_name(english:"Fedora 28 : 2:samba / libldb (2018-bc22d6c7bc)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update to Samba 4.8.4, Security fix for CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc22d6c7bc" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba and / or libldb packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libldb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"samba-4.8.4-0.fc28", epoch:"2")) flag++; if (rpm_check(release:"FC28", reference:"libldb-1.4.0-3.fc28.1.3.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba / libldb"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-8E4D871867.NASL description Update to Samba 4.7.9, Security fix for CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-22 plugin id 112051 published 2018-08-22 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112051 title Fedora 27 : 2:samba (2018-8e4d871867) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3738-1.NASL description Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-10858) Volker Mauel discovered that Samba incorrectly handled database output. When used as an Active Directory Domain Controller, a remote authenticated attacker could use this issue to cause Samba to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10918) Phillip Kuhrt discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2018-10919) Vivek Das discovered that Samba incorrectly handled NTLMv1 being explicitly disabled on the server. A remote user could possibly be authenticated using NTLMv1, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1139). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111748 published 2018-08-15 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111748 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : samba vulnerabilities (USN-3738-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-617.NASL description This update for samba fixes the following issues : The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn last seen 2020-06-01 modified 2020-06-02 plugin id 123268 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123268 title openSUSE Security Update : samba (openSUSE-2019-617) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-891.NASL description This update for samba fixes the following issues : The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn last seen 2020-06-05 modified 2018-08-20 plugin id 112000 published 2018-08-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112000 title openSUSE Security Update : samba (openSUSE-2018-891) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-52.NASL description The remote host is affected by the vulnerability described in GLSA-202003-52 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-03-31 modified 2020-03-26 plugin id 134927 published 2020-03-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134927 title GLSA-202003-52 : Samba: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C4E9A4279FC211E8802A000C29A1E3EC.NASL description The samba project reports : Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directory or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server. Missing input sanitization checks on some of the input parameters to LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer. Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing. Missing database output checks on the returned directory attributes from the LDB database layer cause the DsCrackNames call in the DRSUAPI server to crash when following a NULL pointer. All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor. last seen 2020-06-01 modified 2020-06-02 plugin id 111722 published 2018-08-15 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111722 title FreeBSD : samba -- multiple vulnerabilities (c4e9a427-9fc2-11e8-802a-000c29a1e3ec)
References
- http://www.securityfocus.com/bid/105083
- http://www.securityfocus.com/bid/105083
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10918
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10918
- https://security.gentoo.org/glsa/202003-52
- https://security.gentoo.org/glsa/202003-52
- https://security.netapp.com/advisory/ntap-20180814-0001/
- https://security.netapp.com/advisory/ntap-20180814-0001/
- https://usn.ubuntu.com/3738-1/
- https://usn.ubuntu.com/3738-1/
- https://www.samba.org/samba/security/CVE-2018-10918.html
- https://www.samba.org/samba/security/CVE-2018-10918.html