Vulnerabilities > CVE-2019-10197 - Path Traversal vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Relative Path Traversal An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
- Directory Traversal An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
- File System Function Injection, Content Based An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
- Using Slashes and URL Encoding Combined to Bypass Validation Logic This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
- Manipulating Input to File System Calls An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20200407_SAMBA_ON_SL7_X.NASL description * samba: Combination of parameters and permissions can allow user to escape from the share path definition * samba: smb client vulnerable to filenames containing path separators last seen 2020-04-30 modified 2020-04-21 plugin id 135836 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135836 title Scientific Linux Security Update : samba on SL7.x x86_64 (20200407) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(135836); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24"); script_cve_id("CVE-2019-10197", "CVE-2019-10218"); script_name(english:"Scientific Linux Security Update : samba on SL7.x x86_64 (20200407)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "* samba: Combination of parameters and permissions can allow user to escape from the share path definition * samba: smb client vulnerable to filenames containing path separators" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=10828 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?79f8539d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", reference:"samba-common-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-tools-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-debuginfo-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-krb5-printing-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", reference:"samba-pidl-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-clients-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-modules-4.10.4-10.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / libwbclient / libwbclient-devel / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-E3E521E5B3.NASL description Update to Samba 4.10.8 - Security fixes for CVE-2019-10197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129034 published 2019-09-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129034 title Fedora 30 : 2:samba (2019-e3e521e5b3) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-e3e521e5b3. # include("compat.inc"); if (description) { script_id(129034); script_version("1.3"); script_cvs_date("Date: 2019/12/27"); script_cve_id("CVE-2019-10197"); script_xref(name:"FEDORA", value:"2019-e3e521e5b3"); script_name(english:"Fedora 30 : 2:samba (2019-e3e521e5b3)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to Samba 4.10.8 - Security fixes for CVE-2019-10197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e3e521e5b3" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"samba-4.10.8-0.fc30", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1084.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-10 plugin id 135334 published 2020-04-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135334 title CentOS 7 : samba (CESA-2020:1084) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1084 and # CentOS Errata and Security Advisory 2020:1084 respectively. # include("compat.inc"); if (description) { script_id(135334); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05"); script_cve_id("CVE-2019-10197", "CVE-2019-10218"); script_xref(name:"RHSA", value:"2020:1084"); script_name(english:"CentOS 7 : samba (CESA-2020:1084)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012595.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?534273e4" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10197"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-python-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ctdb-tests-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libsmbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"libwbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-client-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-common-tools-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-dc-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-krb5-printing-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-pidl-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-python-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-python-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-test-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-clients-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.10.4-10.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"samba-winbind-modules-4.10.4-10.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-41C7FA478A.NASL description Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129614 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129614 title Fedora 31 : 2:samba / libldb / libtalloc / libtevent (2019-41c7fa478a) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-41c7fa478a. # include("compat.inc"); if (description) { script_id(129614); script_version("1.2"); script_cvs_date("Date: 2019/12/20"); script_cve_id("CVE-2019-10197"); script_xref(name:"FEDORA", value:"2019-41c7fa478a"); script_name(english:"Fedora 31 : 2:samba / libldb / libtalloc / libtevent (2019-41c7fa478a)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update to Samba 4.11.0 ---- Update to Samba 4.11.0rc4 ---- Update to Samba 4.11.0rc3 - Security fixes for CVE-2019-10197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-41c7fa478a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libldb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtevent"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC31", reference:"samba-4.11.0-3.fc31", epoch:"2")) flag++; if (rpm_check(release:"FC31", reference:"libldb-2.0.7-1.fc31")) flag++; if (rpm_check(release:"FC31", reference:"libtalloc-2.3.0-1.fc31")) flag++; if (rpm_check(release:"FC31", reference:"libtevent-0.10.1-1.fc31")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba / libldb / libtalloc / libtevent"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-EB1E982800.NASL description Update to Samba 4.9.13 - Security fixes for CVE-2019-10197 ---- Update to Samba 4.9.12 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 129035 published 2019-09-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129035 title Fedora 29 : 2:samba (2019-eb1e982800) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-eb1e982800. # include("compat.inc"); if (description) { script_id(129035); script_version("1.3"); script_cvs_date("Date: 2019/12/27"); script_cve_id("CVE-2019-10197"); script_xref(name:"FEDORA", value:"2019-eb1e982800"); script_name(english:"Fedora 29 : 2:samba (2019-eb1e982800)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to Samba 4.9.13 - Security fixes for CVE-2019-10197 ---- Update to Samba 4.9.12 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-eb1e982800" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"samba-4.9.13-0.fc29", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-52.NASL description The remote host is affected by the vulnerability described in GLSA-202003-52 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-03-31 modified 2020-03-26 plugin id 134927 published 2020-03-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134927 title GLSA-202003-52 : Samba: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-52. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134927); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30"); script_cve_id("CVE-2018-10858", "CVE-2018-10918", "CVE-2018-10919", "CVE-2018-1139", "CVE-2018-1140", "CVE-2018-14629", "CVE-2018-16841", "CVE-2018-16851", "CVE-2018-16852", "CVE-2018-16853", "CVE-2018-16857", "CVE-2018-16860", "CVE-2019-10197", "CVE-2019-14861", "CVE-2019-14870", "CVE-2019-14902", "CVE-2019-14907", "CVE-2019-19344"); script_xref(name:"GLSA", value:"202003-52"); script_name(english:"GLSA-202003-52 : Samba: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-52 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code, cause a Denial of Service condition, conduct a man-in-the-middle attack, or obtain sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-52" ); script_set_attribute( attribute:"solution", value: "All Samba 4.9.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-4.9.18' All Samba 4.10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-4.10.13' All Samba 4.11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/samba-4.11.6'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10858"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-fs/samba", unaffected:make_list("rge 4.9.18", "rge 4.10.13", "rge 4.11.6"), vulnerable:make_list("lt 4.11.6"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2142.NASL description This update for samba fixes the following issues : Security issue fixed : - CVE-2019-10197: Fixed user escape from share path definition (bsc#1141267). Bug fix : - Prepare for future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 128964 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128964 title openSUSE Security Update : samba (openSUSE-2019-2142) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-2142. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(128964); script_version("1.2"); script_cvs_date("Date: 2019/12/27"); script_cve_id("CVE-2019-10197"); script_name(english:"openSUSE Security Update : samba (openSUSE-2019-2142)"); script_summary(english:"Check for the openSUSE-2019-2142 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for samba fixes the following issues : Security issue fixed : - CVE-2019-10197: Fixed user escape from share path definition (bsc#1141267). Bug fix : - Prepare for future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059). This update was imported from the SUSE:SLE-15-SP1:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141267" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144059" ); script_set_attribute( attribute:"solution", value:"Update the affected samba packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libndr0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ad-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-client-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-dsdb-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-python3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-pcp-pmda-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-pcp-pmda-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-tests-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"ctdb-tests-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-binding0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-binding0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-samr-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-samr0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc-samr0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libdcerpc0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-krb5pac-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-krb5pac0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-krb5pac0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-nbt-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-nbt0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-nbt0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-standard-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-standard0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr-standard0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libndr0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libnetapi-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libnetapi0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libnetapi0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-credentials-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-credentials0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-credentials0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-errors-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-errors0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-errors0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-hostconfig-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-hostconfig0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-hostconfig0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-passdb-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-passdb0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-passdb0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy-python-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy-python3-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy0-python3-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-policy0-python3-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-util-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-util0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamba-util0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamdb-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamdb0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsamdb0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbclient-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbclient0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbclient0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbconf-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbconf0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbconf0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbldap-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbldap2-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libsmbldap2-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libtevent-util-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libtevent-util0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libtevent-util0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libwbclient-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libwbclient0-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"libwbclient0-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-ad-dc-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-ad-dc-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-client-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-client-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-core-devel-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-debugsource-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-dsdb-modules-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-dsdb-modules-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-python-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-python-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-python3-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-libs-python3-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-pidl-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-python-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-python-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-python3-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-python3-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-test-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-test-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-winbind-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"samba-winbind-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc-samr0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdcerpc0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-nbt0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-nbt0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-standard0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr-standard0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libndr0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libnetapi0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libnetapi0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-credentials0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-credentials0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-errors0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-errors0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-passdb0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-passdb0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-policy0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-policy0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-policy0-python3-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-util0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamba-util0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamdb0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsamdb0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbclient0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbclient0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbconf0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbconf0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbldap2-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsmbldap2-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libtevent-util0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libtevent-util0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libwbclient0-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libwbclient0-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-ad-dc-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-ad-dc-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-ceph-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-ceph-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-client-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-client-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-python-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-python-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-python3-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-libs-python3-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-winbind-32bit-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"samba-winbind-32bit-debuginfo-4.9.5+git.187.71edee57d5a-lp151.2.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1084.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135054 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135054 title RHEL 7 : samba (RHSA-2020:1084) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1084. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135054); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21"); script_cve_id("CVE-2019-10197", "CVE-2019-10218"); script_xref(name:"RHSA", value:"2020:1084"); script_name(english:"RHEL 7 : samba (RHSA-2020:1084)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1084"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10197"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10218"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1497809"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1595277"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1657428"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1663064"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1714947"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1724991"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1740986"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1753254"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10197"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(22); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::computenode"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-python-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'ctdb-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'ctdb-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'ctdb-tests-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'ctdb-tests-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'libsmbclient-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'libsmbclient-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'libsmbclient-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'libsmbclient-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'libsmbclient-devel-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'libsmbclient-devel-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'libsmbclient-devel-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'libsmbclient-devel-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'libwbclient-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'libwbclient-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'libwbclient-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'libwbclient-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'libwbclient-devel-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'libwbclient-devel-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'libwbclient-devel-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'libwbclient-devel-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-client-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-client-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-client-libs-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-client-libs-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-client-libs-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-client-libs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-common-4.10.4-10.el7', 'release':'7'}, {'reference':'samba-common-libs-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-common-libs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-common-tools-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-common-tools-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-dc-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-dc-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-dc-libs-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-dc-libs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-devel-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-devel-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-devel-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-devel-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-krb5-printing-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-krb5-printing-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-libs-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-libs-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-libs-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-libs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-pidl-4.10.4-10.el7', 'release':'7'}, {'reference':'samba-python-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-python-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-python-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-python-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-python-test-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-python-test-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-test-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-test-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-test-libs-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-test-libs-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-test-libs-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-test-libs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-vfs-glusterfs-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-winbind-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-winbind-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-winbind-clients-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-winbind-clients-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-winbind-krb5-locator-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-winbind-krb5-locator-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'samba-winbind-modules-4.10.4-10.el7', 'cpu':'i686', 'release':'7'}, {'reference':'samba-winbind-modules-4.10.4-10.el7', 'cpu':'s390', 'release':'7'}, {'reference':'samba-winbind-modules-4.10.4-10.el7', 'cpu':'s390x', 'release':'7'}, {'reference':'samba-winbind-modules-4.10.4-10.el7', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc'); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4121-1.NASL description Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128507 published 2019-09-04 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128507 title Ubuntu 19.04 : samba vulnerability (USN-4121-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4121-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(128507); script_version("1.6"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2019-10197"); script_xref(name:"USN", value:"4121-1"); script_name(english:"Ubuntu 19.04 : samba vulnerability (USN-4121-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Stefan Metzmacher discovered that the Samba SMB server did not properly prevent clients from escaping outside the share root directory in some situations. An attacker could use this to gain access to files outside of the Samba share, where allowed by the permissions of the underlying filesystem. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4121-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"19.04", pkgname:"samba", pkgver:"2:4.10.0+dfsg-0ubuntu2.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }NASL family Misc. NASL id SAMBA_4_10_8.NASL description The version of Samba running on the remote host is 4.9.x prior to 4.9.13, 4.10.x prior to 4.10.3.8, or 4.11.x prior to 4.11.0rc3. It is, therefore, affected by security bypass vulnerability. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 128549 published 2019-09-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128549 title Samba 4.9.x < 4.9.13 / 4.10.x < 4.10.8 / 4.11.0rc3 Security Bypass (CVE-2019-10197) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128549); script_version("1.3"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2019-10197"); script_name(english:"Samba 4.9.x < 4.9.13 / 4.10.x < 4.10.8 / 4.11.0rc3 Security Bypass (CVE-2019-10197)"); script_summary(english:"Checks the version of Samba."); script_set_attribute(attribute:"synopsis", value: "The remote Samba server is potentially affected by a man in the middle vulnerability."); script_set_attribute(attribute:"description", value: "The version of Samba running on the remote host is 4.9.x prior to 4.9.13, 4.10.x prior to 4.10.3.8, or 4.11.x prior to 4.11.0rc3. It is, therefore, affected by security bypass vulnerability. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://www.samba.org/samba/security/CVE-2019-10197.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0002d667"); script_set_attribute(attribute:"solution", value: "Upgrade to Samba version 4.9.13 / 4.10.8 / 4.11.0rc3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10197"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('vcf.inc'); include('vcf_extras.inc'); if (report_paranoia < 2) audit(AUDIT_PARANOID); app = vcf::samba::get_app_info(); vcf::check_granularity(app_info:app, sig_segments:3); constraints = [ {'min_version':'4.9.0rc0', 'fixed_version':'4.9.13'}, {'min_version':'4.10.0rc0', 'fixed_version':'4.10.8'}, {'min_version':'4.11.0rc0', 'fixed_version':'4.11.0rc3'} ]; vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3253.NASL description An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.9.8). (BZ#1724261) Security Fix(es) : * samba: Combination of parameters and permissions can allow the user to escape from the share path definition (CVE-2019-10197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Increased performance for Samba vfs_glusterfs when using pthreadpool (BZ# 1743595) * The samba packages have been upgraded to upstream version 4.9.8 which provides a number of bug fixes and enhancements over the previous version. (BZ#1724261) Users of Samba with Red Hat Gluster Storage are advised to upgrade to these updated packages. last seen 2020-06-01 modified 2020-06-02 plugin id 130416 published 2019-10-31 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130416 title RHEL 7 : Gluster Storage Server (RHSA-2019:3253) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_145A3E17CEA211E981E2005056A311D1.NASL description The samba project reports : On a Samba SMB server for all versions of Samba from 4.9.0 clients are able to escape outside the share root directory if certain configuration parameters set in the smb.conf file. last seen 2020-06-01 modified 2020-06-02 plugin id 128492 published 2019-09-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128492 title FreeBSD : samba -- combination of parameters and permissions can allow user to escape from the share path definition (145a3e17-cea2-11e9-81e2-005056a311d1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1040.NASL description According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation last seen 2020-06-01 modified 2020-06-02 plugin id 132794 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132794 title EulerOS Virtualization for ARM 64 3.0.5.0 : samba (EulerOS-SA-2020-1040) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4513.NASL description Stefan Metzmacher discovered a flaw in Samba, a SMB/CIFS file, print, and login server for Unix. Specific combinations of parameters and permissions can allow user to escape from the share path definition and see the complete last seen 2020-06-01 modified 2020-06-02 plugin id 128479 published 2019-09-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128479 title Debian DSA-4513-1 : samba - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4023.NASL description An update for samba is now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Samba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba (4.9.8). (BZ#1724260) Security Fix(es) : * samba: Combination of parameters and permissions can allow the user to escape from the share path definition (CVE-2019-10197) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * The samba packages have been upgraded to upstream version 4.9.8 which provides a number of bug fixes and enhancements over the previous version. (BZ#1724260) * Previously, CTDB was unable to start due to a missing filesystem directory. In spite of manually creating the directory, CTDB could not function properly due to an incorrect SELinux context. With this update, the rpm package now properly creates the missing directory with the required SELinux context and CTDB starts correctly. (BZ#1772836) Users of Samba with Red Hat Gluster Storage are advised to upgrade to these updated packages. last seen 2020-06-01 modified 2020-06-02 plugin id 131525 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131525 title RHEL 6 : samba (RHSA-2019:4023) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2116.NASL description According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.(CVE-2019-10197) - A null pointer dereference flaw was found in the Samba DNS Management server when used as an Active Directory Domain Controller. A remote attacker could use this flaw to cause a denial of service (application crash).Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.(CVE-2018-16852) - It was found that the last seen 2020-05-03 modified 2019-11-12 plugin id 130825 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130825 title EulerOS 2.0 SP8 : samba (EulerOS-SA-2019-2116)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10197
- https://www.samba.org/samba/security/CVE-2019-10197.html
- https://security.netapp.com/advisory/ntap-20190903-0001/
- https://usn.ubuntu.com/4121-1/
- https://www.debian.org/security/2019/dsa-4513
- https://seclists.org/bugtraq/2019/Sep/4
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00045.html
- https://support.f5.com/csp/article/K69511801
- https://access.redhat.com/errata/RHSA-2019:3253
- https://access.redhat.com/errata/RHSA-2019:4023
- https://security.gentoo.org/glsa/202003-52
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7NYIUZOCIDXWXGWMZ7O5Z7OJ6IX7EAB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56ZUXHGDHPM7S6RVAKULZT5EATS37OKA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6EEKFT24DQI4DMZMSQTLMNZWG4RMZ57/
- https://support.f5.com/csp/article/K69511801?utm_source=f5support&%3Butm_medium=RSS