Vulnerabilities > CVE-2019-10218 - Path Traversal vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

samba

fedoraproject

CWE-22

nessus

NVD

Published: 2019-11-06

Updated: 2023-11-07

Summary

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 4.10.0 Samba Samba 4.10.1 Samba Samba 4.10.2 Samba Samba 4.10.3 Samba Samba 4.10.4 Samba Samba 4.10.5 Samba Samba 4.10.8 Samba Samba 4.10.9 Samba Samba 4.11.0 Samba Samba 4.11.1 Samba Samba - Samba Samba 1.9.17 Samba Samba 1.9.18 Samba Samba 2.0 Samba Samba 2.0.0 Samba Samba 2.0.1 Samba Samba 2.0.2 Samba Samba 2.0.3 Samba Samba 2.0.4 Samba Samba 2.0.5 Samba Samba 2.0.5A Samba Samba 2.0.6 Samba Samba 2.0.7 Samba Samba 2.0.8 Samba Samba 2.0.9 Samba Samba 2.0.10 Samba Samba 2.2 Samba Samba 2.2.0 Samba Samba 2.2.0A Samba Samba 2.2.1 Samba Samba 2.2.1A Samba Samba 2.2.2 Samba Samba 2.2.3 Samba Samba 2.2.3A Samba Samba 2.2.4 Samba Samba 2.2.5 Samba Samba 2.2.6 Samba Samba 2.2.7 Samba Samba 2.2.7A Samba Samba 2.2.8 Samba Samba 2.2.8A Samba Samba 2.2.9 Samba Samba 2.2.10 Samba Samba 2.2.11 Samba Samba 2.2.12 Samba Samba 2.2A Samba Samba 2.18.3 Samba Samba 3.0 Samba Samba 3.0.0 Samba Samba 3.0.1 Samba Samba 3.0.2 Samba Samba 3.0.2A Samba Samba 3.0.3 Samba Samba 3.0.4 Samba Samba 3.0.5 Samba Samba 3.0.6 Samba Samba 3.0.7 Samba Samba 3.0.8 Samba Samba 3.0.9 Samba Samba 3.0.10 Samba Samba 3.0.11 Samba Samba 3.0.12 Samba Samba 3.0.13 Samba Samba 3.0.14 Samba Samba 3.0.14A Samba Samba 3.0.15 Samba Samba 3.0.16 Samba Samba 3.0.17 Samba Samba 3.0.18 Samba Samba 3.0.19 Samba Samba 3.0.20 Samba Samba 3.0.20A Samba Samba 3.0.20B Samba Samba 3.0.21 Samba Samba 3.0.21A Samba Samba 3.0.21B Samba Samba 3.0.21C Samba Samba 3.0.22 Samba Samba 3.0.23 Samba Samba 3.0.23A Samba Samba 3.0.23B Samba Samba 3.0.23C Samba Samba 3.0.23D Samba Samba 3.0.24 Samba Samba 3.0.25 Samba Samba 3.0.25A Samba Samba 3.0.25B Samba Samba 3.0.25C Samba Samba 3.0.26 Samba Samba 3.0.26A Samba Samba 3.0.27 Samba Samba 3.0.28 Samba Samba 3.0.29 Samba Samba 3.0.30 Samba Samba 3.0.31 Samba Samba 3.0.32 Samba Samba 3.0.33 Samba Samba 3.0.34 Samba Samba 3.0.35 Samba Samba 3.0.36 Samba Samba 3.0.37 Samba Samba 3.1 Samba Samba 3.1.0 Samba Samba 3.2.0 Samba Samba 3.2.1 Samba Samba 3.2.2 Samba Samba 3.2.3 Samba Samba 3.2.4 Samba Samba 3.2.5 Samba Samba 3.2.6 Samba Samba 3.2.7 Samba Samba 3.2.8 Samba Samba 3.2.9 Samba Samba 3.2.10 Samba Samba 3.2.11 Samba Samba 3.2.12 Samba Samba 3.2.13 Samba Samba 3.2.14 Samba Samba 3.2.15 Samba Samba 3.3.0 Samba Samba 3.3.1 Samba Samba 3.3.2 Samba Samba 3.3.3 Samba Samba 3.3.4 Samba Samba 3.3.5 Samba Samba 3.3.6 Samba Samba 3.3.7 Samba Samba 3.3.8 Samba Samba 3.3.9 Samba Samba 3.3.10 Samba Samba 3.3.11 Samba Samba 3.3.12 Samba Samba 3.3.13 Samba Samba 3.3.14 Samba Samba 3.3.15 Samba Samba 3.3.16 Samba Samba 3.4.0 Samba Samba 3.4.1 Samba Samba 3.4.2 Samba Samba 3.4.3 Samba Samba 3.4.4 Samba Samba 3.4.5 Samba Samba 3.4.6 Samba Samba 3.4.7 Samba Samba 3.4.8 Samba Samba 3.4.9 Samba Samba 3.4.10 Samba Samba 3.4.11 Samba Samba 3.4.12 Samba Samba 3.4.13 Samba Samba 3.4.14 Samba Samba 3.4.15 Samba Samba 3.4.16 Samba Samba 3.4.17 Samba Samba 3.5.0 Samba Samba 3.5.1 Samba Samba 3.5.2 Samba Samba 3.5.3 Samba Samba 3.5.4 Samba Samba 3.5.5 Samba Samba 3.5.6 Samba Samba 3.5.7 Samba Samba 3.5.8 Samba Samba 3.5.9 Samba Samba 3.5.10 Samba Samba 3.5.11 Samba Samba 3.5.12 Samba Samba 3.5.13 Samba Samba 3.5.14 Samba Samba 3.5.15 Samba Samba 3.5.16 Samba Samba 3.5.17 Samba Samba 3.5.18 Samba Samba 3.5.19 Samba Samba 3.5.20 Samba Samba 3.5.21 Samba Samba 3.5.22 Samba Samba 3.6.0 Samba Samba 3.6.1 Samba Samba 3.6.2 Samba Samba 3.6.3 Samba Samba 3.6.4 Samba Samba 3.6.5 Samba Samba 3.6.6 Samba Samba 3.6.7 Samba Samba 3.6.8 Samba Samba 3.6.9 Samba Samba 3.6.10 Samba Samba 3.6.11 Samba Samba 3.6.12 Samba Samba 3.6.13 Samba Samba 3.6.14 Samba Samba 3.6.15 Samba Samba 3.6.16 Samba Samba 3.6.17 Samba Samba 3.6.18 Samba Samba 3.6.19 Samba Samba 3.6.20 Samba Samba 3.6.21 Samba Samba 3.6.22 Samba Samba 3.6.23 Samba Samba 3.6.24 Samba Samba 3.6.25 Samba Samba 4.0.0 Samba Samba 4.0.1 Samba Samba 4.0.2 Samba Samba 4.0.3 Samba Samba 4.0.4 Samba Samba 4.0.5 Samba Samba 4.0.6 Samba Samba 4.0.7 Samba Samba 4.0.8 Samba Samba 4.0.9 Samba Samba 4.0.10 Samba Samba 4.0.11 Samba Samba 4.0.12 Samba Samba 4.0.13 Samba Samba 4.0.14 Samba Samba 4.0.15 Samba Samba 4.0.16 Samba Samba 4.0.17 Samba Samba 4.0.18 Samba Samba 4.0.19 Samba Samba 4.0.20 Samba Samba 4.0.21 Samba Samba 4.0.22 Samba Samba 4.0.23 Samba Samba 4.0.24 Samba Samba 4.0.25 Samba Samba 4.0.26 Samba Samba 4.1.0 Samba Samba 4.1.1 Samba Samba 4.1.2 Samba Samba 4.1.3 Samba Samba 4.1.4 Samba Samba 4.1.5 Samba Samba 4.1.6 Samba Samba 4.1.7 Samba Samba 4.1.8 Samba Samba 4.1.9 Samba Samba 4.1.10 Samba Samba 4.1.11 Samba Samba 4.1.12 Samba Samba 4.1.13 Samba Samba 4.1.14 Samba Samba 4.1.15 Samba Samba 4.1.16 Samba Samba 4.1.17 Samba Samba 4.1.18 Samba Samba 4.1.19 Samba Samba 4.1.20 Samba Samba 4.1.21 Samba Samba 4.1.22 Samba Samba 4.1.23 Samba Samba 4.2.0 Samba Samba 4.2.1 Samba Samba 4.2.2 Samba Samba 4.2.3 Samba Samba 4.2.4 Samba Samba 4.2.5 Samba Samba 4.2.6 Samba Samba 4.2.7 Samba Samba 4.2.8 Samba Samba 4.2.9 Samba Samba 4.2.10 Samba Samba 4.2.11 Samba Samba 4.2.12 Samba Samba 4.2.13 Samba Samba 4.2.14 Samba Samba 4.3.0 Samba Samba 4.3.1 Samba Samba 4.3.2 Samba Samba 4.3.3 Samba Samba 4.3.4 Samba Samba 4.3.5 Samba Samba 4.3.6 Samba Samba 4.3.7 Samba Samba 4.3.8 Samba Samba 4.3.9 Samba Samba 4.3.10 Samba Samba 4.3.11 Samba Samba 4.3.12 Samba Samba 4.3.13 Samba Samba 4.4.0 Samba Samba 4.4.1 Samba Samba 4.4.2 Samba Samba 4.4.3 Samba Samba 4.4.4 Samba Samba 4.4.5 Samba Samba 4.4.6 Samba Samba 4.4.7 Samba Samba 4.4.8 Samba Samba 4.4.9 Samba Samba 4.4.10 Samba Samba 4.4.11 Samba Samba 4.4.12 Samba Samba 4.4.13 Samba Samba 4.4.14 Samba Samba 4.4.15 Samba Samba 4.4.16 Samba Samba 4.5.0 Samba Samba 4.5.1 Samba Samba 4.5.2 Samba Samba 4.5.3 Samba Samba 4.5.4 Samba Samba 4.5.5 Samba Samba 4.5.6 Samba Samba 4.5.7 Samba Samba 4.5.8 Samba Samba 4.5.9 Samba Samba 4.5.10 Samba Samba 4.5.11 Samba Samba 4.5.12 Samba Samba 4.5.13 Samba Samba 4.5.14 Samba Samba 4.5.15 Samba Samba 4.5.16 Samba Samba 4.6.0 Samba Samba 4.6.1 Samba Samba 4.6.2 Samba Samba 4.6.3 Samba Samba 4.6.4 Samba Samba 4.6.5 Samba Samba 4.6.6 Samba Samba 4.6.7 Samba Samba 4.6.8 Samba Samba 4.6.9 Samba Samba 4.6.10 Samba Samba 4.6.11 Samba Samba 4.6.12 Samba Samba 4.6.13 Samba Samba 4.6.14 Samba Samba 4.6.15 Samba Samba 4.6.16 Samba Samba 4.7.0 Samba Samba 4.7.1 Samba Samba 4.7.2 Samba Samba 4.7.3 Samba Samba 4.7.4 Samba Samba 4.7.5 Samba Samba 4.7.6 Samba Samba 4.7.7 Samba Samba 4.7.8 Samba Samba 4.7.9 Samba Samba 4.7.10 Samba Samba 4.7.11 Samba Samba 4.7.12 Samba Samba 4.8.0 Samba Samba 4.8.1 Samba Samba 4.8.2 Samba Samba 4.8.3 Samba Samba 4.8.4 Samba Samba 4.8.5 Samba Samba 4.8.6 Samba Samba 4.8.7 Samba Samba 4.8.8 Samba Samba 4.8.9 Samba Samba 4.8.10 Samba Samba 4.8.11 Samba Samba 4.8.12 Samba Samba 4.9.0 Samba Samba 4.9.1 Samba Samba 4.9.2 Samba Samba 4.9.3 Samba Samba 4.9.4 Samba Samba 4.9.5 Samba Samba 4.9.6 Samba Samba 4.9.7 Samba Samba 4.9.8 Samba Samba 4.9.9 Samba Samba 4.9.10 Samba Samba 4.9.11 Samba Samba 4.9.12 Samba Samba 4.9.13 Samba Samba 4.9.14	475
OS	Fedoraproject Fedoraproject Fedora 29 Fedoraproject Fedora 31	2

Common Weakness Enumeration (CWE)

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Attack Pattern Enumeration and Classification (CAPEC)

Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
Directory Traversal
An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
File System Function Injection, Content Based
An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
Using Slashes and URL Encoding Combined to Bypass Validation Logic
This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-0943.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0943 advisory. - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) - samba: Crash after failed character conversion at log level 3 or above (CVE-2019-14907) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-03-24
plugin id	134860
published	2020-03-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134860
title	RHEL 7 : samba (RHSA-2020:0943)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0943. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(134860); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21"); script_cve_id("CVE-2019-10218", "CVE-2019-14907"); script_xref(name:"RHSA", value:"2020:0943"); script_name(english:"RHEL 7 : samba (RHSA-2020:0943)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0943 advisory. - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) - samba: Crash after failed character conversion at log level 3 or above (CVE-2019-14907) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0943"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10218"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14907"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1731906"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1776952"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784827"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796074"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1804165"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1810395"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10218"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(22, 125); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:storage:3.5"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:storage:3.5:samba:el7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ctdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtdb-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtevent-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-talloc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-talloc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-tdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-tevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tdb-tools"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'ctdb-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libsmbclient-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libsmbclient-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtalloc-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtalloc-devel-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtdb-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtdb-devel-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtevent-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libtevent-devel-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libwbclient-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'libwbclient-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'python3-samba-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'python3-talloc-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'python3-talloc-devel-2.2.0-9.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'python3-tdb-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'python3-tevent-0.10.0-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-client-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-client-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-common-4.11.6-104.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-common-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-common-tools-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-devel-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-krb5-printing-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-libs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-pidl-4.11.6-104.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-vfs-glusterfs-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-winbind-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-winbind-clients-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-winbind-krb5-locator-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'samba-winbind-modules-4.11.6-104.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE}, {'reference':'tdb-tools-1.4.2-4.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string=NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / etc'); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-2547.NASL
description	According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-08
modified	2019-12-09
plugin id	131821
published	2019-12-09
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131821
title	EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131821); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847" ); script_name(english:"EulerOS 2.0 SP5 : samba (EulerOS-SA-2019-2547)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2547 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bab6fc12"); script_set_attribute(attribute:"solution", value: "Update the affected samba packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libsmbclient-4.7.1-9.h13.eulerosv2r7", "libwbclient-4.7.1-9.h13.eulerosv2r7", "samba-4.7.1-9.h13.eulerosv2r7", "samba-client-4.7.1-9.h13.eulerosv2r7", "samba-client-libs-4.7.1-9.h13.eulerosv2r7", "samba-common-4.7.1-9.h13.eulerosv2r7", "samba-common-libs-4.7.1-9.h13.eulerosv2r7", "samba-common-tools-4.7.1-9.h13.eulerosv2r7", "samba-libs-4.7.1-9.h13.eulerosv2r7", "samba-python-4.7.1-9.h13.eulerosv2r7", "samba-winbind-4.7.1-9.h13.eulerosv2r7", "samba-winbind-clients-4.7.1-9.h13.eulerosv2r7", "samba-winbind-modules-4.7.1-9.h13.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-703E299870.NASL
description	Update to Samba 4.9.15 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131040
published	2019-11-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131040
title	Fedora 29 : 2:samba (2019-703e299870)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-703e299870. # include("compat.inc"); if (description) { script_id(131040); script_version("1.3"); script_cvs_date("Date: 2019/12/12"); script_cve_id("CVE-2019-10218", "CVE-2019-14833", "CVE-2019-14847"); script_xref(name:"FEDORA", value:"2019-703e299870"); script_name(english:"Fedora 29 : 2:samba (2019-703e299870)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to Samba 4.9.15 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-703e299870" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:samba package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"samba-4.9.15-0.fc29", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200407_SAMBA_ON_SL7_X.NASL
description	* samba: Combination of parameters and permissions can allow user to escape from the share path definition * samba: smb client vulnerable to filenames containing path separators
last seen	2020-04-30
modified	2020-04-21
plugin id	135836
published	2020-04-21
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135836
title	Scientific Linux Security Update : samba on SL7.x x86_64 (20200407)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(135836); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24"); script_cve_id("CVE-2019-10197", "CVE-2019-10218"); script_name(english:"Scientific Linux Security Update : samba on SL7.x x86_64 (20200407)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "* samba: Combination of parameters and permissions can allow user to escape from the share path definition * samba: smb client vulnerable to filenames containing path separators" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=10828 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?79f8539d" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-client-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-common-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-pidl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-python-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-test-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libsmbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwbclient-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-client-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", reference:"samba-common-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-common-tools-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-dc-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-debuginfo-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-devel-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-krb5-printing-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", reference:"samba-pidl-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-python-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-test-libs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-vfs-glusterfs-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-clients-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-krb5-locator-4.10.4-10.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"samba-winbind-modules-4.10.4-10.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsmbclient / libsmbclient-devel / libwbclient / libwbclient-devel / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2890-1.NASL
description	This update for samba fixes the following issues : CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	130512
published	2019-11-05
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130512
title	SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2019:2890-1)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_50A1BBC9FB8011E99E70005056A311D1.NASL
description	The samba project reports : Malicious servers can cause Samba client code to return filenames containing path separators to calling code. When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string. Users with the
last seen	2020-06-01
modified	2020-06-02
plugin id	130439
published	2019-11-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130439
title	FreeBSD : samba -- multiple vulnerabilities (50a1bbc9-fb80-11e9-9e70-005056a311d1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2442.NASL
description	This update for provides the following fixes : Following security issues were fixed : - CVE-2019-14847: User with
last seen	2020-06-01
modified	2020-06-02
plugin id	130581
published	2019-11-06
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130581
title	openSUSE Security Update : samba (openSUSE-2019-2442)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1231.NASL
description	According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-19
modified	2020-03-13
plugin id	134520
published	2020-03-13
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134520
title	EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-1084.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-04-10
plugin id	135334
published	2020-04-10
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135334
title	CentOS 7 : samba (CESA-2020:1084)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2875-1.NASL
description	This update for samba fixes the following issues : CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	130451
published	2019-11-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130451
title	SUSE SLES12 Security Update : samba (SUSE-SU-2019:2875-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-57D43F3B58.NASL
description	Update code to deal with removal of DES support in MIT Kerberos. ---- Update to Samba 4.11.2 - Security fixes for CVE-2019-10218, CVE-2019-14833 ---- Since MIT Kerberos deprecated use of DES encryption type, restore Samba AD domain controller functionality by not using DES encryption keys. Only AES and RC4 keys would work. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	130987
published	2019-11-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130987
title	Fedora 31 : 2:samba (2019-57d43f3b58)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2893-1.NASL
description	This update for samba fixes the following issue : CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	130583
published	2019-11-06
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130583
title	SUSE SLES12 Security Update : samba (SUSE-SU-2019:2893-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4167-1.NASL
description	Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218) Simon Fonteneau and Bjorn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833) Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. A remote attacker with
last seen	2020-06-01
modified	2020-06-02
plugin id	130392
published	2019-10-30
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130392
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : samba vulnerabilities (USN-4167-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2458.NASL
description	This update for samba fixes the following issues : Security issues fixed : - CVE-2019-14847: User with
last seen	2020-06-01
modified	2020-06-02
plugin id	130889
published	2019-11-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130889
title	openSUSE Security Update : samba (openSUSE-2019-2458)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1084.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1084 advisory. - samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197) - samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-23
modified	2020-04-01
plugin id	135054
published	2020-04-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135054
title	RHEL 7 : samba (RHSA-2020:1084)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1270.NASL
description	According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.(CVE-2019-14847) - A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.(CVE-2019-14833) - A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.(CVE-2019-10218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-26
modified	2020-03-20
plugin id	134736
published	2020-03-20
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134736
title	EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2020-1270)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2866-1.NASL
description	This update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with
last seen	2020-06-01
modified	2020-06-02
plugin id	130425
published	2019-10-31
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130425
title	SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2868-1.NASL
description	This update for samba fixes the following issues : Security issues fixed : CVE-2019-14847: User with
last seen	2020-06-01
modified	2020-06-02
plugin id	130426
published	2019-10-31
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130426
title	SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2868-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1040.NASL
description	According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation
last seen	2020-06-01
modified	2020-06-02
plugin id	132794
published	2020-01-13
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132794
title	EulerOS Virtualization for ARM 64 3.0.5.0 : samba (EulerOS-SA-2020-1040)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1032.NASL
description	According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba
last seen	2020-05-03
modified	2020-01-02
plugin id	132625
published	2020-01-02
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132625
title	EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1032)

Redhat

advisories

bugzilla

id	1763137
title	CVE-2019-10218 samba: smb client vulnerable to filenames containing path separators

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment samba-dc is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084001
comment samba-dc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258002
AND
comment samba is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084003
comment samba is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258022

AND

comment libwbclient-devel is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084005
comment libwbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258048

AND

comment libsmbclient-devel is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084007
comment libsmbclient-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258034

AND
comment samba-common is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084009
comment samba-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258006

AND

comment samba-winbind-modules is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084011
comment samba-winbind-modules is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258024

AND

comment samba-winbind-clients is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084013
comment samba-winbind-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258018

AND
comment samba-winbind is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084015
comment samba-winbind is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258010
AND
comment samba-libs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084017
comment samba-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258008

AND

comment samba-common-tools is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084019
comment samba-common-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258030

AND

comment samba-common-libs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084021
comment samba-common-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258020

AND

comment samba-client-libs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084023
comment samba-client-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258028

AND
comment samba-client is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084025
comment samba-client is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258014
AND
comment libwbclient is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084027
comment libwbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258016
AND
comment libsmbclient is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084029
comment libsmbclient is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258012
AND
comment samba-pidl is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084031
comment samba-pidl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258032

AND

comment samba-winbind-krb5-locator is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084033
comment samba-winbind-krb5-locator is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258004

AND

comment samba-vfs-glusterfs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084035
comment samba-vfs-glusterfs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258042

AND

comment samba-test-libs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084037
comment samba-test-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258040

AND
comment samba-test is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084039
comment samba-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258044

AND

comment samba-python-test is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084041
comment samba-python-test is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20183056040

AND
comment samba-python is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084043
comment samba-python is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258026
AND
comment samba-devel is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084045
comment samba-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258038
AND
comment samba-dc-libs is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084047
comment samba-dc-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258036

AND

comment samba-krb5-printing is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084049
comment samba-krb5-printing is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171265018

AND
comment ctdb-tests is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084051
comment ctdb-tests is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258054
AND
comment ctdb is earlier than 0:4.10.4-10.el7
oval oval:com.redhat.rhsa:tst:20201084053
comment ctdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152258050

rhsa

id	RHSA-2020:1084
released	2020-03-31
severity	Moderate
title	RHSA-2020:1084: samba security, bug fix, and enhancement update (Moderate)

rpms

ctdb-0:4.11.6-104.el7rhgs
libsmbclient-0:4.11.6-104.el7rhgs
libsmbclient-devel-0:4.11.6-104.el7rhgs
libtalloc-0:2.2.0-9.el7rhgs
libtalloc-debuginfo-0:2.2.0-9.el7rhgs
libtalloc-devel-0:2.2.0-9.el7rhgs
libtdb-0:1.4.2-4.el7rhgs
libtdb-debuginfo-0:1.4.2-4.el7rhgs
libtdb-devel-0:1.4.2-4.el7rhgs
libtevent-0:0.10.0-4.el7rhgs
libtevent-debuginfo-0:0.10.0-4.el7rhgs
libtevent-devel-0:0.10.0-4.el7rhgs
libwbclient-0:4.11.6-104.el7rhgs
libwbclient-devel-0:4.11.6-104.el7rhgs
python3-samba-0:4.11.6-104.el7rhgs
python3-talloc-0:2.2.0-9.el7rhgs
python3-talloc-devel-0:2.2.0-9.el7rhgs
python3-tdb-0:1.4.2-4.el7rhgs
python3-tevent-0:0.10.0-4.el7rhgs
samba-0:4.11.6-104.el7rhgs
samba-client-0:4.11.6-104.el7rhgs
samba-client-libs-0:4.11.6-104.el7rhgs
samba-common-0:4.11.6-104.el7rhgs
samba-common-libs-0:4.11.6-104.el7rhgs
samba-common-tools-0:4.11.6-104.el7rhgs
samba-debuginfo-0:4.11.6-104.el7rhgs
samba-devel-0:4.11.6-104.el7rhgs
samba-krb5-printing-0:4.11.6-104.el7rhgs
samba-libs-0:4.11.6-104.el7rhgs
samba-pidl-0:4.11.6-104.el7rhgs
samba-vfs-glusterfs-0:4.11.6-104.el7rhgs
samba-winbind-0:4.11.6-104.el7rhgs
samba-winbind-clients-0:4.11.6-104.el7rhgs
samba-winbind-krb5-locator-0:4.11.6-104.el7rhgs
samba-winbind-modules-0:4.11.6-104.el7rhgs
tdb-tools-0:1.4.2-4.el7rhgs
ctdb-0:4.10.4-10.el7
ctdb-tests-0:4.10.4-10.el7
libsmbclient-0:4.10.4-10.el7
libsmbclient-devel-0:4.10.4-10.el7
libwbclient-0:4.10.4-10.el7
libwbclient-devel-0:4.10.4-10.el7
samba-0:4.10.4-10.el7
samba-client-0:4.10.4-10.el7
samba-client-libs-0:4.10.4-10.el7
samba-common-0:4.10.4-10.el7
samba-common-libs-0:4.10.4-10.el7
samba-common-tools-0:4.10.4-10.el7
samba-dc-0:4.10.4-10.el7
samba-dc-libs-0:4.10.4-10.el7
samba-debuginfo-0:4.10.4-10.el7
samba-devel-0:4.10.4-10.el7
samba-krb5-printing-0:4.10.4-10.el7
samba-libs-0:4.10.4-10.el7
samba-pidl-0:4.10.4-10.el7
samba-python-0:4.10.4-10.el7
samba-python-test-0:4.10.4-10.el7
samba-test-0:4.10.4-10.el7
samba-test-libs-0:4.10.4-10.el7
samba-vfs-glusterfs-0:4.10.4-10.el7
samba-winbind-0:4.10.4-10.el7
samba-winbind-clients-0:4.10.4-10.el7
samba-winbind-krb5-locator-0:4.10.4-10.el7
samba-winbind-modules-0:4.10.4-10.el7
ctdb-0:4.11.2-13.el8
ctdb-debuginfo-0:4.11.2-13.el8
ctdb-tests-0:4.11.2-13.el8
ctdb-tests-debuginfo-0:4.11.2-13.el8
libsmbclient-0:4.11.2-13.el8
libsmbclient-debuginfo-0:4.11.2-13.el8
libsmbclient-devel-0:4.11.2-13.el8
libwbclient-0:4.11.2-13.el8
libwbclient-debuginfo-0:4.11.2-13.el8
libwbclient-devel-0:4.11.2-13.el8
openchange-0:2.3-24.el8
openchange-client-debuginfo-0:2.3-24.el8
openchange-debuginfo-0:2.3-24.el8
openchange-debugsource-0:2.3-24.el8
python3-samba-0:4.11.2-13.el8
python3-samba-debuginfo-0:4.11.2-13.el8
python3-samba-test-0:4.11.2-13.el8
samba-0:4.11.2-13.el8
samba-client-0:4.11.2-13.el8
samba-client-debuginfo-0:4.11.2-13.el8
samba-client-libs-0:4.11.2-13.el8
samba-client-libs-debuginfo-0:4.11.2-13.el8
samba-common-0:4.11.2-13.el8
samba-common-libs-0:4.11.2-13.el8
samba-common-libs-debuginfo-0:4.11.2-13.el8
samba-common-tools-0:4.11.2-13.el8
samba-common-tools-debuginfo-0:4.11.2-13.el8
samba-debuginfo-0:4.11.2-13.el8
samba-debugsource-0:4.11.2-13.el8
samba-krb5-printing-0:4.11.2-13.el8
samba-krb5-printing-debuginfo-0:4.11.2-13.el8
samba-libs-0:4.11.2-13.el8
samba-libs-debuginfo-0:4.11.2-13.el8
samba-pidl-0:4.11.2-13.el8
samba-test-0:4.11.2-13.el8
samba-test-debuginfo-0:4.11.2-13.el8
samba-test-libs-0:4.11.2-13.el8
samba-test-libs-debuginfo-0:4.11.2-13.el8
samba-vfs-glusterfs-debuginfo-0:4.11.2-13.el8
samba-winbind-0:4.11.2-13.el8
samba-winbind-clients-0:4.11.2-13.el8
samba-winbind-clients-debuginfo-0:4.11.2-13.el8
samba-winbind-debuginfo-0:4.11.2-13.el8
samba-winbind-krb5-locator-0:4.11.2-13.el8
samba-winbind-krb5-locator-debuginfo-0:4.11.2-13.el8
samba-winbind-modules-0:4.11.2-13.el8
samba-winbind-modules-debuginfo-0:4.11.2-13.el8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

References