Vulnerabilities > CVE-2019-10218 - Path Traversal vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
samba
fedoraproject
CWE-22
nessus

Summary

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Vulnerable Configurations

Part Description Count
Application
Samba
475
OS
Fedoraproject
2

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0943.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0943 advisory. - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) - samba: Crash after failed character conversion at log level 3 or above (CVE-2019-14907) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-24
    plugin id134860
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134860
    titleRHEL 7 : samba (RHSA-2020:0943)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0943. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134860);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2019-10218", "CVE-2019-14907");
      script_xref(name:"RHSA", value:"2020:0943");
    
      script_name(english:"RHEL 7 : samba (RHSA-2020:0943)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:0943 advisory.
    
      - samba: smb client vulnerable to filenames containing
        path separators (CVE-2019-10218)
    
      - samba: Crash after failed character conversion at log
        level 3 or above (CVE-2019-14907)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0943");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10218");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14907");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1731906");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1776952");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784827");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796074");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1804165");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1810395");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10218");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(22, 125);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:storage:3.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:storage:3.5:samba:el7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-talloc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-talloc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-tdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-tevent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tdb-tools");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'ctdb-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libsmbclient-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libsmbclient-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtalloc-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtalloc-devel-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtdb-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtdb-devel-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtevent-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libtevent-devel-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libwbclient-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libwbclient-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'python3-samba-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'python3-talloc-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'python3-talloc-devel-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'python3-tdb-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'python3-tevent-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-client-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-client-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-common-4.11.6-104.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-common-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-common-tools-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-krb5-printing-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-pidl-4.11.6-104.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-vfs-glusterfs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-winbind-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-winbind-clients-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-winbind-krb5-locator-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'samba-winbind-modules-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'tdb-tools-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string=NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / etc');
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2547.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131821
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131821
    titleEulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131821);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2019-10218",
        "CVE-2019-14833",
        "CVE-2019-14847"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the samba packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - A flaw was found in the samba client, all samba
        versions before samba 4.11.2, 4.10.10 and 4.9.15, where
        a malicious server can supply a pathname to the client
        with separators. This could allow the client to access
        files and folders outside of the SMB network pathnames.
        An attacker could use this vulnerability to create
        files outside of the current working directory using
        the privileges of the client user.(CVE-2019-10218)
    
      - A flaw was found in Samba, all versions starting samba
        4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2,
        in the way it handles a user password change or a new
        password for a samba user. The Samba Active Directory
        Domain Controller can be configured to use a custom
        script to check for password complexity. This
        configuration can fail to verify password complexity
        when non-ASCII characters are used in the password,
        which could lead to weak passwords being set for samba
        users, making it vulnerable to dictionary
        attacks.(CVE-2019-14833)
    
      - A flaw was found in samba 4.0.0 before samba 4.9.15 and
        samba 4.10.x before 4.10.10. An attacker can crash AD
        DC LDAP server via dirsync resulting in denial of
        service. Privilege escalation is not possible with this
        issue.(CVE-2019-14847)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2547
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bab6fc12");
      script_set_attribute(attribute:"solution", value:
    "Update the affected samba packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libsmbclient-4.7.1-9.h13.eulerosv2r7",
            "libwbclient-4.7.1-9.h13.eulerosv2r7",
            "samba-4.7.1-9.h13.eulerosv2r7",
            "samba-client-4.7.1-9.h13.eulerosv2r7",
            "samba-client-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-common-4.7.1-9.h13.eulerosv2r7",
            "samba-common-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-common-tools-4.7.1-9.h13.eulerosv2r7",
            "samba-libs-4.7.1-9.h13.eulerosv2r7",
            "samba-python-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-clients-4.7.1-9.h13.eulerosv2r7",
            "samba-winbind-modules-4.7.1-9.h13.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-703E299870.NASL
    descriptionUpdate to Samba 4.9.15 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131040
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131040
    titleFedora 29 : 2:samba (2019-703e299870)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-703e299870.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131040);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847");
      script_xref(name:"FEDORA", value:"2019-703e299870");
    
      script_name(english:"Fedora 29 : 2:samba (2019-703e299870)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to Samba 4.9.15 - Security fixes for CVE-2019-10218,
    CVE-2019-14833, CVE-2019-14847
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-703e299870"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:samba package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"samba-4.9.15-0.fc29", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_SAMBA_ON_SL7_X.NASL
    description* samba: Combination of parameters and permissions can allow user to escape from the share path definition * samba: smb client vulnerable to filenames containing path separators
    last seen2020-04-30
    modified2020-04-21
    plugin id135836
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135836
    titleScientific Linux Security Update : samba on SL7.x x86_64 (20200407)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135836);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      script_cve_id("CVE-2019-10197", "CVE-2019-10218");
    
      script_name(english:"Scientific Linux Security Update : samba on SL7.x x86_64 (20200407)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* samba: Combination of parameters and permissions can allow user to
    escape from the share path definition * samba: smb client vulnerable
    to filenames containing path separators"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=10828
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?79f8539d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-pidl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-devel-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-devel-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-libs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"samba-common-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-libs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-tools-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-libs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-debuginfo-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-devel-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-krb5-printing-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-libs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"samba-pidl-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-test-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-libs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-clients-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.10.4-10.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-modules-4.10.4-10.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / libwbclient / libwbclient-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2890-1.NASL
    descriptionThis update for samba fixes the following issues : CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130512
    published2019-11-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130512
    titleSUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2019:2890-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_50A1BBC9FB8011E99E70005056A311D1.NASL
    descriptionThe samba project reports : Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string. Users with the
    last seen2020-06-01
    modified2020-06-02
    plugin id130439
    published2019-11-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130439
    titleFreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2442.NASL
    descriptionThis update for provides the following fixes : Following security issues were fixed : - CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130581
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130581
    titleopenSUSE Security Update : samba (openSUSE-2019-2442)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1231.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134520
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134520
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1084.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135334
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135334
    titleCentOS 7 : samba (CESA-2020:1084)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2875-1.NASL
    descriptionThis update for samba fixes the following issues : CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130451
    published2019-11-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130451
    titleSUSE SLES12 Security Update : samba (SUSE-SU-2019:2875-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-57D43F3B58.NASL
    descriptionUpdate code to deal with removal of DES support in MIT Kerberos. ---- Update to Samba 4.11.2 - Security fixes for CVE-2019-10218, CVE-2019-14833 ---- Since MIT Kerberos deprecated use of DES encryption type, restore Samba AD domain controller functionality by not using DES encryption keys. Only AES and RC4 keys would work. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130987
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130987
    titleFedora 31 : 2:samba (2019-57d43f3b58)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2893-1.NASL
    descriptionThis update for samba fixes the following issue : CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130583
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130583
    titleSUSE SLES12 Security Update : samba (SUSE-SU-2019:2893-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4167-1.NASL
    descriptionMichael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Bjorn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with
    last seen2020-06-01
    modified2020-06-02
    plugin id130392
    published2019-10-30
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130392
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : samba vulnerabilities (USN-4167-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2458.NASL
    descriptionThis update for samba fixes the following issues : Security issues fixed : - CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130889
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130889
    titleopenSUSE Security Update : samba (openSUSE-2019-2458)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1084.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135054
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135054
    titleRHEL 7 : samba (RHSA-2020:1084)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1270.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2020-03-20
    plugin id134736
    published2020-03-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134736
    titleEulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2020-1270)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2866-1.NASL
    descriptionThis update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130425
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130425
    titleSUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2868-1.NASL
    descriptionThis update for samba fixes the following issues : Security issues fixed : CVE-2019-14847: User with
    last seen2020-06-01
    modified2020-06-02
    plugin id130426
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130426
    titleSUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2868-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1040.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation
    last seen2020-06-01
    modified2020-06-02
    plugin id132794
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132794
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : samba (EulerOS-SA-2020-1040)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1032.NASL
    descriptionAccording to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba
    last seen2020-05-03
    modified2020-01-02
    plugin id132625
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132625
    titleEulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1032)

Redhat

advisories
bugzilla
id1763137
titleCVE-2019-10218 samba: smb client vulnerable to filenames containing path separators
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentsamba-dc is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084001
        • commentsamba-dc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258002
      • AND
        • commentsamba is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084003
        • commentsamba is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258022
      • AND
        • commentlibwbclient-devel is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084005
        • commentlibwbclient-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258048
      • AND
        • commentlibsmbclient-devel is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084007
        • commentlibsmbclient-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258034
      • AND
        • commentsamba-common is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084009
        • commentsamba-common is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258006
      • AND
        • commentsamba-winbind-modules is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084011
        • commentsamba-winbind-modules is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258024
      • AND
        • commentsamba-winbind-clients is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084013
        • commentsamba-winbind-clients is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258018
      • AND
        • commentsamba-winbind is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084015
        • commentsamba-winbind is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258010
      • AND
        • commentsamba-libs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084017
        • commentsamba-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258008
      • AND
        • commentsamba-common-tools is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084019
        • commentsamba-common-tools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258030
      • AND
        • commentsamba-common-libs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084021
        • commentsamba-common-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258020
      • AND
        • commentsamba-client-libs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084023
        • commentsamba-client-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258028
      • AND
        • commentsamba-client is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084025
        • commentsamba-client is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258014
      • AND
        • commentlibwbclient is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084027
        • commentlibwbclient is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258016
      • AND
        • commentlibsmbclient is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084029
        • commentlibsmbclient is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258012
      • AND
        • commentsamba-pidl is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084031
        • commentsamba-pidl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258032
      • AND
        • commentsamba-winbind-krb5-locator is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084033
        • commentsamba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258004
      • AND
        • commentsamba-vfs-glusterfs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084035
        • commentsamba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258042
      • AND
        • commentsamba-test-libs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084037
        • commentsamba-test-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258040
      • AND
        • commentsamba-test is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084039
        • commentsamba-test is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258044
      • AND
        • commentsamba-python-test is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084041
        • commentsamba-python-test is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20183056040
      • AND
        • commentsamba-python is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084043
        • commentsamba-python is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258026
      • AND
        • commentsamba-devel is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084045
        • commentsamba-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258038
      • AND
        • commentsamba-dc-libs is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084047
        • commentsamba-dc-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258036
      • AND
        • commentsamba-krb5-printing is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084049
        • commentsamba-krb5-printing is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20171265018
      • AND
        • commentctdb-tests is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084051
        • commentctdb-tests is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258054
      • AND
        • commentctdb is earlier than 0:4.10.4-10.el7
          ovaloval:com.redhat.rhsa:tst:20201084053
        • commentctdb is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152258050
rhsa
idRHSA-2020:1084
released2020-03-31
severityModerate
titleRHSA-2020:1084: samba security, bug fix, and enhancement update (Moderate)
rpms
  • ctdb-0:4.11.6-104.el7rhgs
  • libsmbclient-0:4.11.6-104.el7rhgs
  • libsmbclient-devel-0:4.11.6-104.el7rhgs
  • libtalloc-0:2.2.0-9.el7rhgs
  • libtalloc-debuginfo-0:2.2.0-9.el7rhgs
  • libtalloc-devel-0:2.2.0-9.el7rhgs
  • libtdb-0:1.4.2-4.el7rhgs
  • libtdb-debuginfo-0:1.4.2-4.el7rhgs
  • libtdb-devel-0:1.4.2-4.el7rhgs
  • libtevent-0:0.10.0-4.el7rhgs
  • libtevent-debuginfo-0:0.10.0-4.el7rhgs
  • libtevent-devel-0:0.10.0-4.el7rhgs
  • libwbclient-0:4.11.6-104.el7rhgs
  • libwbclient-devel-0:4.11.6-104.el7rhgs
  • python3-samba-0:4.11.6-104.el7rhgs
  • python3-talloc-0:2.2.0-9.el7rhgs
  • python3-talloc-devel-0:2.2.0-9.el7rhgs
  • python3-tdb-0:1.4.2-4.el7rhgs
  • python3-tevent-0:0.10.0-4.el7rhgs
  • samba-0:4.11.6-104.el7rhgs
  • samba-client-0:4.11.6-104.el7rhgs
  • samba-client-libs-0:4.11.6-104.el7rhgs
  • samba-common-0:4.11.6-104.el7rhgs
  • samba-common-libs-0:4.11.6-104.el7rhgs
  • samba-common-tools-0:4.11.6-104.el7rhgs
  • samba-debuginfo-0:4.11.6-104.el7rhgs
  • samba-devel-0:4.11.6-104.el7rhgs
  • samba-krb5-printing-0:4.11.6-104.el7rhgs
  • samba-libs-0:4.11.6-104.el7rhgs
  • samba-pidl-0:4.11.6-104.el7rhgs
  • samba-vfs-glusterfs-0:4.11.6-104.el7rhgs
  • samba-winbind-0:4.11.6-104.el7rhgs
  • samba-winbind-clients-0:4.11.6-104.el7rhgs
  • samba-winbind-krb5-locator-0:4.11.6-104.el7rhgs
  • samba-winbind-modules-0:4.11.6-104.el7rhgs
  • tdb-tools-0:1.4.2-4.el7rhgs
  • ctdb-0:4.10.4-10.el7
  • ctdb-tests-0:4.10.4-10.el7
  • libsmbclient-0:4.10.4-10.el7
  • libsmbclient-devel-0:4.10.4-10.el7
  • libwbclient-0:4.10.4-10.el7
  • libwbclient-devel-0:4.10.4-10.el7
  • samba-0:4.10.4-10.el7
  • samba-client-0:4.10.4-10.el7
  • samba-client-libs-0:4.10.4-10.el7
  • samba-common-0:4.10.4-10.el7
  • samba-common-libs-0:4.10.4-10.el7
  • samba-common-tools-0:4.10.4-10.el7
  • samba-dc-0:4.10.4-10.el7
  • samba-dc-libs-0:4.10.4-10.el7
  • samba-debuginfo-0:4.10.4-10.el7
  • samba-devel-0:4.10.4-10.el7
  • samba-krb5-printing-0:4.10.4-10.el7
  • samba-libs-0:4.10.4-10.el7
  • samba-pidl-0:4.10.4-10.el7
  • samba-python-0:4.10.4-10.el7
  • samba-python-test-0:4.10.4-10.el7
  • samba-test-0:4.10.4-10.el7
  • samba-test-libs-0:4.10.4-10.el7
  • samba-vfs-glusterfs-0:4.10.4-10.el7
  • samba-winbind-0:4.10.4-10.el7
  • samba-winbind-clients-0:4.10.4-10.el7
  • samba-winbind-krb5-locator-0:4.10.4-10.el7
  • samba-winbind-modules-0:4.10.4-10.el7
  • ctdb-0:4.11.2-13.el8
  • ctdb-debuginfo-0:4.11.2-13.el8
  • ctdb-tests-0:4.11.2-13.el8
  • ctdb-tests-debuginfo-0:4.11.2-13.el8
  • libsmbclient-0:4.11.2-13.el8
  • libsmbclient-debuginfo-0:4.11.2-13.el8
  • libsmbclient-devel-0:4.11.2-13.el8
  • libwbclient-0:4.11.2-13.el8
  • libwbclient-debuginfo-0:4.11.2-13.el8
  • libwbclient-devel-0:4.11.2-13.el8
  • openchange-0:2.3-24.el8
  • openchange-client-debuginfo-0:2.3-24.el8
  • openchange-debuginfo-0:2.3-24.el8
  • openchange-debugsource-0:2.3-24.el8
  • python3-samba-0:4.11.2-13.el8
  • python3-samba-debuginfo-0:4.11.2-13.el8
  • python3-samba-test-0:4.11.2-13.el8
  • samba-0:4.11.2-13.el8
  • samba-client-0:4.11.2-13.el8
  • samba-client-debuginfo-0:4.11.2-13.el8
  • samba-client-libs-0:4.11.2-13.el8
  • samba-client-libs-debuginfo-0:4.11.2-13.el8
  • samba-common-0:4.11.2-13.el8
  • samba-common-libs-0:4.11.2-13.el8
  • samba-common-libs-debuginfo-0:4.11.2-13.el8
  • samba-common-tools-0:4.11.2-13.el8
  • samba-common-tools-debuginfo-0:4.11.2-13.el8
  • samba-debuginfo-0:4.11.2-13.el8
  • samba-debugsource-0:4.11.2-13.el8
  • samba-krb5-printing-0:4.11.2-13.el8
  • samba-krb5-printing-debuginfo-0:4.11.2-13.el8
  • samba-libs-0:4.11.2-13.el8
  • samba-libs-debuginfo-0:4.11.2-13.el8
  • samba-pidl-0:4.11.2-13.el8
  • samba-test-0:4.11.2-13.el8
  • samba-test-debuginfo-0:4.11.2-13.el8
  • samba-test-libs-0:4.11.2-13.el8
  • samba-test-libs-debuginfo-0:4.11.2-13.el8
  • samba-vfs-glusterfs-debuginfo-0:4.11.2-13.el8
  • samba-winbind-0:4.11.2-13.el8
  • samba-winbind-clients-0:4.11.2-13.el8
  • samba-winbind-clients-debuginfo-0:4.11.2-13.el8
  • samba-winbind-debuginfo-0:4.11.2-13.el8
  • samba-winbind-krb5-locator-0:4.11.2-13.el8
  • samba-winbind-krb5-locator-debuginfo-0:4.11.2-13.el8
  • samba-winbind-modules-0:4.11.2-13.el8
  • samba-winbind-modules-debuginfo-0:4.11.2-13.el8

References