The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
{"ubuntucve": [{"lastseen": "2021-11-22T21:47:29", "description": "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x\nbefore 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC\nconnections, which allows man-in-the-middle attackers to perform\nprotocol-downgrade attacks and impersonate users by modifying the\nclient-server data stream, aka \"BADLOCK.\"\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is known as Badlock\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2016-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2118", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2118"], "modified": "2016-04-12T00:00:00", "id": "UB:CVE-2016-2118", "href": "https://ubuntu.com/security/CVE-2016-2118", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fortinet": [{"lastseen": "2022-04-28T11:51:48", "description": "The Security Account Manager Remote Protocol [MS-SAMR] and the Local Security Authority (Domain Policy) Remote Protocol [MS-LSAD] are both vulnerable to man in the middle attacks. 
These protocols are typically available on all Windows installations as well as every Samba server.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-04-14T00:00:00", "type": "fortinet", "title": "SAM and LSAD remote protocols man in the middle vulnerability (Badlock)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2118"], "modified": "2016-04-14T00:00:00", "id": "FG-IR-16-007", "href": "https://www.fortiguard.com/psirt/FG-IR-16-007", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7community": [{"lastseen": "2017-05-01T16:52:25", "description": "<!-- [DocumentBodyStart:19e3d185-1b88-423d-89c7-c010d4979ac8] --><div class=\"jive-rendered-content\"><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Why should <span style=\"color: #909090; background-color: black;\">[REDACTED]</span> have all the fun with spiffy codenames for their exploits? 
As of </span><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fgithub.com%2Frapid7%2Fmetasploit-framework%2Fcommit%2Fb5771b0f727dabfa4df4216a799a8611469b01ba\" rel=\"nofollow\" target=\"_blank\"><span style=\"font-size: 11pt; font-family: Arial; color: #1155cc; text-decoration: underline;\">today</span></a><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">, Metasploit is taking a page from <span style=\"color: #909090; font-family: Arial; font-size: 14.6667px; background-color: #000000;\">[REDACTED]</span>, and equipping all Metasploit modules with equally fear-and-awe-inspiring codenames. Sure, there are catchy names for vulnerabilities -- we remember you fondly, </span><a class=\"jive-link-blog-small\" data-containerId=\"5165\" data-containerType=\"37\" data-objectId=\"7460\" data-objectType=\"38\" href=\"https://community.rapid7.com/community/infosec/blog/2016/04/12/on-badlock-cve-2016-2118-for-samba-and-windows\"><span style=\"font-size: 11pt; font-family: Arial; color: #1155cc; text-decoration: underline;\">Badblock</span></a><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"> -- but clearly, unique names for exploits is where the real action is at, especially when you're <span style=\"color: black; font-family: Arial; font-size: 14.6667px; background-color: #000000;\">[REDACTED][REDACTED][REDACTED][REDACTED][REDACTED]</span>.</span></p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">So, instead of running boring old '<span style=\"font-family: 'andale mono', times;\">exploit/windows/smb/ms08_067_netapi</span>', now you can don your onyx </span><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dtactleneck%26source%3Dlnms%26tbm%3Disch%26sa%3DX\" rel=\"nofollow\" target=\"_blank\"><span 
style=\"font-size: 11pt; font-family: Arial; color: #1155cc; text-decoration: underline;\">tactleneck</span></a><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">, and use </span><span style=\"font-size: 11pt; font-family: 'Courier New'; color: #000000; font-weight: bold;\">CRISPYTRUFFLE</span><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"> like the international man of mystery that you are.</span></p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Need to scan for telnet banners? Sure, you </span><span style=\"font-size: 11pt; font-family: Arial; color: #000000; font-style: italic;\">could</span><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\"> use '<span style=\"font-family: 'andale mono', times;\">auxiliary/scanner/telnet/telnet_version</span>', like some kind of civilian, or you can be a shadowy puppetmaster and unleash the awesome power of </span><span style=\"font-size: 11pt; font-family: 'Courier New'; color: #000000; font-weight: bold;\">HIDDENBOYFRIEND</span><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">.</span></p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">Or, maybe you're looking to deploy one of Metasploit's payloads as a standalone executable, given to your operative in the field. 
Once you've lost your tail and met your contact in a darkened, rain-slicked alley, you can hand off a USB key loaded up with </span><span style=\"font-size: 11pt; font-family: 'Courier New'; color: #000000; font-weight: bold;\">VENGEFULPONY</span><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">, and trust he'll do what it takes to get back across the border.</span></p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p dir=\"ltr\"><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">In order to enable these ultra-top-secret codenames, you'll need to run a fresh checkout of the <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fgithub.com%2Frapid7%2Fmetasploit-framework%2Fwiki%2FSetting-Up-a-Metasploit-Development-Environment\" rel=\"nofollow\" target=\"_blank\">development version</a> of the Metasploit Framework. If you're on one of the <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=http%3A%2F%2Fmetasploit.com%2Fdownload\" target=\"_blank\">binary versions</a> of Metasploit, they'll be getting these codenames as well, so you can check if they're available by setting the environment variable DANGERZONE, like so:</span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\"> </p><div style=\"background-color: black;\"><p dir=\"ltr\"><span style=\"font-family: 'andale mono', times; color: #7ed529; padding: 5px;\">$ DANGERZONE=1 ./msfconsole -q</span></p><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\"> </p><p dir=\"ltr\"><span style=\"font-family: 'andale mono', times; color: #7ed529; padding: 5px;\">msf > use CRISPYTRUFFLE</span></p><p dir=\"ltr\"><span style=\"font-family: 'andale mono', times; color: #7ed529; padding: 5px;\">msf exploit(ms08_067_netapi) ></span></p></div><p dir=\"ltr\" style=\"min-height: 8pt; padding: 0px;\"> </p><p><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">So take 
a moment today, April 1st, to read yourself into <span style=\"color: #909090; font-family: Arial; font-size: 14.6667px; background-color: #000000;\">[REDACTED]</span> by visiting </span><a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=http%3A%2F%2Fwww.5z8.info%2Feid-howto_j0b9mh_openme.exe\" rel=\"nofollow\" target=\"_blank\"><span style=\"font-size: 11pt; font-family: Arial; color: #1155cc; text-decoration: underline;\">http://www.5z8.info/eid-howto_j0b9mh_openme.exe</span></a><span style=\"font-size: 11pt; font-family: Arial; color: #000000;\">. Make sure you're behind at least seven proxies when you do so, since <span style=\"color: #909090; font-family: Arial; font-size: 14.6667px; background-color: #000000;\">[REDACTED]</span> is probably watching.</span></p></div><!-- [DocumentBodyEnd:19e3d185-1b88-423d-89c7-c010d4979ac8] -->", "cvss3": {}, "published": "2017-04-01T12:03:18", "title": "Metasploit, [REDACTED] Edition", "type": "rapid7community", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2016-2118"], "modified": "2017-04-01T12:03:18", "href": "https://community.rapid7.com/community/metasploit/blog/2017/04/01/metasploit-redacted-edition", "id": "RAPID7COMMUNITY:ACA23AA788066EC985562287B2410D08", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debiancve": [{"lastseen": "2022-07-04T06:02:15", "description": "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": 
"HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-04-12T23:59:00", "type": "debiancve", "title": "CVE-2016-2118", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2118"], "modified": "2016-04-12T23:59:00", "id": "DEBIANCVE:CVE-2016-2118", "href": "https://security-tracker.debian.org/tracker/CVE-2016-2118", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-06-16T20:23:54", "description": "The version of Samba, a CIFS/SMB server for Linux and Unix, running on the remote host is affected by a flaw, known as Badlock, that exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. 
A man-in-the-middle attacker who is able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Samba Badlock Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2118"], "modified": "2019-11-20T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_BADLOCK.NASL", "href": "https://www.tenable.com/plugins/nessus/90509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90509);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-2118\");\n script_bugtraq_id(86002);\n script_xref(name:\"CERT\", value:\"813296\");\n\n script_name(english:\"Samba Badlock Vulnerability\");\n script_summary(english:\"Detects if the Badlock patch has been applied.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An SMB server running on the remote host is affected by the Badlock\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba, a CIFS/SMB server for Linux and Unix, running on\nthe remote host is affected by a flaw, known as Badlock, that exists\nin the Security Account Manager (SAM) and Local Security\nAuthority (Domain Policy) (LSAD) protocols due to improper\nauthentication level negotiation over Remote Procedure Call (RPC)\nchannels. 
A man-in-the-middle attacker who is able to able to\nintercept the traffic between a client and a server hosting a SAM\ndatabase can exploit this flaw to force a downgrade of the\nauthentication level, which allows the execution of arbitrary Samba\nnetwork calls in the context of the intercepted user, such as viewing\nor modifying sensitive security data in the Active Directory (AD)\ndatabase or disabling critical services.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://badlock.org\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2016-2118.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"samba_detect.nasl\");\n script_require_keys(\"SMB/samba\", \"SMB/name\", \"SMB/transport\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\n# DCERPC reject status codes\nPROTO_ERROR = 0x1c01000b;\nRING_ERROR = 0x1c010002;\n\nappname = \"Samba\";\nget_kb_item_or_exit(\"SMB/samba\");\nname = kb_smb_name();\nport = kb_smb_transport();\n\n###\n# Binds to one of the typically available pipes\n# @return a fd to the pipe\n##\nfunction bind_to_pipe()\n{\n local_var fid = bind_pipe (pipe:\"\\unixinfo\", uuid:\"9c54e310-a955-4885-bd31-78787147dfa6\", vers:0);\n if (!isnull(fid)) return fid;\n\n fid = bind_pipe (pipe:\"\\spoolss\", uuid:\"12345678-1234-abcd-ef00-0123456789ab\", vers:1);\n if (!isnull(fid)) return fid;\n\n fid = bind_pipe (pipe:\"\\lsarpc\", uuid:\"12345778-1234-abcd-ef00-0123456789ab\", vers:0);\n if (!isnull(fid)) return fid;\n\n # if samba_detect.nasl is successful than we should never be able to\n # hit here since we know it successfully bound to a pipe.\n audit(AUDIT_RESP_BAD, port);\n}\n\nif (get_kb_item(\"Host/scanned\") && !get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\n\n# establish a connection\nsoc = open_sock_tcp(port);\nif (!soc) audit(AUDIT_SOCK_FAIL, port);\n\n# start the session and try to connect to the share\nsession_init(socket:soc, hostname:name);\nif (NetUseAdd(share:\"IPC$\") != 1) audit(AUDIT_SHARE_FAIL, \"IPC\");\n\n# We need to bind to a pipe. 
We know samba_detect did so try\n# the known pipes\nbound_pipe = bind_to_pipe();\n\n# Make a ping request (this should be unexpected)\ndata = raw_word(w:0);\ndata = dce_rpc_pipe_request(fid:bound_pipe, code:0x3f, data:data, type:1);\nsmb_close (fid:bound_pipe);\nNetUseDel();\n\nif (!data || (strlen(data) < 28)) audit(AUDIT_RESP_BAD, port, \"the RPC pipe request\");\n \n# Type should be fault (3)\nif (get_byte (blob:data, pos:2) != 3) audit(AUDIT_RESP_BAD, port, \"the type examination\");\n\n# Check against the two known errors; any third type will be flagged as a bad resp.\nerror = get_dword (blob:data, pos:24);\nif (error == PROTO_ERROR) audit(AUDIT_INST_VER_NOT_VULN, appname);\nelse if (error != RING_ERROR) audit(AUDIT_RESP_BAD, port, \"the error code check\");\n\nreport = '\\nNessus detected that the Samba Badlock patch has not been applied.\\n';\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:24:53", "description": "CVE-2015-5370 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.\n\nCVE-2016-2118 The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka 'BADLOCK.'", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Samba vulnerabilities (K37603172) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2015-5370", "CVE-2016-2118"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL37603172.NASL", "href": "https://www.tenable.com/plugins/nessus/91055", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K37603172.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91055);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2118\");\n\n script_name(english:\"F5 Networks BIG-IP : Samba vulnerabilities (K37603172) (Badlock)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2015-5370 Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and\n4.4.x before 4.4.2 does not properly implement the DCE-RPC layer,\nwhich allows remote attackers to perform protocol-downgrade attacks,\ncause a denial of service (application crash or CPU consumption), or\npossibly execute arbitrary code on a client system via unspecified\nvectors.\n\nCVE-2016-2118 The MS-SAMR and MS-LSAD protocol implementations in\nSamba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before\n4.4.2 mishandle DCERPC connections, which allows man-in-the-middle\nattackers to perform protocol-downgrade attacks and 
impersonate users\nby modifying the client-server data stream, aka 'BADLOCK.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K37603172\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K37603172.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K37603172\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.3.0-11.6.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.4.0-11.6.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = 
make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.0.0-11.6.0\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.0\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.1\",\"11.3.0-11.6.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. 
Customers are advised to use the 'client signing = required' configuration option in the smb.conf file to mitigate CVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "CentOS 5 : samba (CESA-2016:0621) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-swat", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# CentOS Errata and Security Advisory 2016:0621 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90452);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"CentOS 5 : samba (CESA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. 
The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3db8a7e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:57", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. 
However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. Customers are advised to use the 'client signing = required' configuration option in the smb.conf file to mitigate CVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. 
A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 5 : samba (RHSA-2016:0621) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0621. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90498);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0621) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. 
No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. 
Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0621\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:57", "description": "Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. 
A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba-swat", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160412_SAMBA_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90503);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", 
\"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20160412) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. 
(CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b633e72b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-debuginfo-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:56", "description": "Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. 
(CVE-2016-2115)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20160412) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba-doc", "p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba-glusterfs", "p-cpe:/a:fermilab:scientific_linux:samba-swat", "p-cpe:/a:fermilab:scientific_linux:samba-winbind", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160412_SAMBA_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90504", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90504);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL6.x i386/x86_64 (20160412) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol\n implementation. A remote, authenticated attacker could\n use these flaws to cause a denial of service against the\n Samba server (high CPU load or a crash) or, possibly,\n execute arbitrary code with the permissions of the user\n running Samba (root). This flaw could also be used to\n downgrade a secure DCE/RPC connection by a\n man-in-the-middle attacker taking control of an Active\n Directory (AD) object and compromising the security of a\n Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. 
(CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. (CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=7302\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98da124b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-glusterfs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", 
cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:35", "description": "From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this update. This issue does affect the samba packages on Red Hat Enterprise Linux 5. Customers are advised to use the 'client signing = required' configuration option in the smb.conf file to mitigate CVE-2016-2115. 
No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-swat", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2016-0621.NASL", "href": "https://www.tenable.com/plugins/nessus/90489", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0621 and \n# Oracle Linux Security Advisory ELSA-2016-0621 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90489);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0621\");\n\n script_name(english:\"Oracle Linux 5 : samba (ELSA-2016-0621) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0621 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as 
having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux 5.\nThe CVE-2016-2115 was also incorrectly listed as addressed by this\nupdate. This issue does affect the samba packages on Red Hat\nEnterprise Linux 5. Customers are advised to use the 'client signing =\nrequired' configuration option in the smb.conf file to mitigate\nCVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. 
The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005950.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"libsmbclient-devel-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-client-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-common-3.0.33-3.41.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba-swat-3.0.33-3.41.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:34", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. 
An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 5 : samba3x (RHSA-2016:0624) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9"], "id": "REDHAT-RHSA-2016-0624.NASL", "href": "https://www.tenable.com/plugins/nessus/90500", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0624. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90500);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0624\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2016:0624) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux\n5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", 
sp:\"6\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-debuginfo-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-debuginfo-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-debuginfo-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-debuginfo-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", 
reference:\"samba3x-doc-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-winbind-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-winbind-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba3x-winbind-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-winbind-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", 
reference:\"samba3x-winbind-devel-3.6.23-12.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:56", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 6 : samba (RHSA-2016:0619) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-doc", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2016-0619.NASL", 
"href": "https://www.tenable.com/plugins/nessus/90496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0619. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90496);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0619\");\n\n script_name(english:\"RHEL 6 : samba (RHSA-2016:0619) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. 
A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. 
A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n # http://badlock.org/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://samba.plus\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6\\.2|6\\.4|6\\.5|6\\.6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2 / 6.4 / 6.5 / 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0619\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", 
cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"libsmbclient-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_2\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-common-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-common-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-debuginfo-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-clients-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", 
sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-clients-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"samba-winbind-devel-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-devel-3.6.23-30.el6_5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / 
libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:35", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). 
Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "CentOS 5 : samba3x (CESA-2016:0613) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:samba3x", "p-cpe:/a:centos:centos:samba3x-client", "p-cpe:/a:centos:centos:samba3x-common", "p-cpe:/a:centos:centos:samba3x-doc", "p-cpe:/a:centos:centos:samba3x-domainjoin-gui", "p-cpe:/a:centos:centos:samba3x-swat", "p-cpe:/a:centos:centos:samba3x-winbind", "p-cpe:/a:centos:centos:samba3x-winbind-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0613 and \n# CentOS Errata and Security Advisory 2016:0613 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90451);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"CentOS 5 : samba3x (CESA-2016:0613) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). 
Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. 
Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021821.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b672964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "An update for samba is now available for Red Hat Enterprise Linux 5.6 Long Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed the CVE-2015-5370 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed the CVE-2016-2112 issue as addressed by this update. However, this issue did not affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life. CVE-2016-2115 was also incorrectly listed as addressed by this update: the issue does affect the samba packages on Red Hat Enterprise Linux 5.6 and 5.9 Long Life, but this update does not fix it. Customers are advised to set the 'client signing = required' configuration option in the smb.conf file to mitigate CVE-2016-2115. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. 
An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 5 : samba (RHSA-2016:0623) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:5.9"], "id": "REDHAT-RHSA-2016-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/90499", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0623. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90499);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0623\");\n\n script_name(english:\"RHEL 5 : samba (RHSA-2016:0623) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 5.6\nLong Life and Red Hat Enterprise Linux 5.9 Long Life.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously incorrectly listed\nthe CVE-2015-5370 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. No changes have been made to the packages.\n\n[Updated 14 April 2016] This advisory previously incorrectly listed\nthe CVE-2016-2112 issue as addressed by this update. However, this\nissue did not affect the samba packages on Red Hat Enterprise Linux\n5.6 and 5.9 Long Life. The CVE-2016-2115 was also incorrectly listed\nas addressed by this update. This issue does affect the samba packages\non Red Hat Enterprise Linux 5.6 and 5.9 Long Life. Customers are\nadvised to use the 'client signing = required' configuration option in\nthe smb.conf file to mitigate CVE-2016-2115. 
No changes have been made\nto the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. 
Upstream acknowledges Stefan Metzmacher (SerNet) as the\noriginal reporter of CVE-2016-2118 and CVE-2016-2110.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(5\\.6|5\\.9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.6 / 5.9\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"libsmbclient-devel-3.0.33-3.40.el5_9\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-client-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-common-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-debuginfo-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", 
reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.30.el5_6\")) flag++;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"samba-swat-3.0.33-3.40.el5_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:26", "description": "From Red Hat Security Advisory 2016:0613 :\n\nAn update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:samba3x", "p-cpe:/a:oracle:linux:samba3x-client", "p-cpe:/a:oracle:linux:samba3x-common", "p-cpe:/a:oracle:linux:samba3x-doc", "p-cpe:/a:oracle:linux:samba3x-domainjoin-gui", "p-cpe:/a:oracle:linux:samba3x-swat", "p-cpe:/a:oracle:linux:samba3x-winbind", "p-cpe:/a:oracle:linux:samba3x-winbind-devel", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0613 and \n# Oracle Linux Security Advisory ELSA-2016-0613 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90488);\n script_version(\"2.16\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"Oracle Linux 5 : samba3x (ELSA-2016-0613) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0613 :\n\nAn update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005949.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba3x packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-client-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-common-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-doc-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-swat-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-3.6.23-12.0.1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"samba3x-winbind-devel-3.6.23-12.0.1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-doc / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:35", "description": "Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba3x", "p-cpe:/a:fermilab:scientific_linux:samba3x-client", "p-cpe:/a:fermilab:scientific_linux:samba3x-common", "p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba3x-doc", "p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba3x-swat", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind", "p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160412_SAMBA3X_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/90501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90501);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"Scientific Linux Security 
Update : samba3x on SL5.x i386/x86_64 (20160412) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in Samba's DCE/RPC protocol\n implementation. A remote, authenticated attacker could\n use these flaws to cause a denial of service against the\n Samba server (high CPU load or a crash) or, possibly,\n execute arbitrary code with the permissions of the user\n running Samba (root). This flaw could also be used to\n downgrade a secure DCE/RPC connection by a\n man-in-the-middle attacker taking control of an Active\n Directory (AD) object and compromising the security of a\n Samba Active Directory Domain Controller (DC).\n (CVE-2015-5370)\n\nNote: While Samba packages as shipped in Scientific Linux do not\nsupport running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n - A protocol flaw, publicly referred to as Badlock, was\n found in the Security Account Manager Remote Protocol\n (MS-SAMR) and the Local Security Authority (Domain\n Policy) Remote Protocol (MS-LSAD). Any authenticated\n DCE/RPC connection that a client initiates against a\n server could be used by a man-in-the-middle attacker to\n impersonate the authenticated user against the SAMR or\n LSA service on the server. As a result, the attacker\n would be able to get read/write access to the Security\n Account Manager database, and use this to reveal all\n passwords or any other potentially sensitive information\n in that database. (CVE-2016-2118)\n\n - Several flaws were found in Samba's implementation of\n NTLMSSP authentication. 
An unauthenticated,\n man-in-the-middle attacker could use this flaw to clear\n the encryption and integrity flags of a connection,\n causing data to be transmitted in plain text. The\n attacker could also force the client or server into\n sending data in plain text even if encryption was\n explicitly requested for that connection.\n (CVE-2016-2110)\n\n - It was discovered that Samba configured as a Domain\n Controller would establish a secure communication\n channel with a machine using a spoofed computer name. A\n remote attacker able to observe network traffic could\n use this flaw to obtain session-related information\n about the spoofed machine. (CVE-2016-2111)\n\n - It was found that Samba's LDAP implementation did not\n enforce integrity protection for LDAP connections. A\n man-in-the-middle attacker could use this flaw to\n downgrade LDAP connections to use no integrity\n protection, allowing them to hijack such connections.\n (CVE-2016-2112)\n\n - It was found that Samba did not enable integrity\n protection for IPC traffic by default. A\n man-in-the-middle attacker could use this flaw to view\n and modify the data sent between a Samba server and a\n client. 
(CVE-2016-2115)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=6491\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bab64414\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:26", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 6 : samba (RHSA-2016:0611) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-doc", "p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90491", "sourceData": "#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0611. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90491);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"RHEL 6 : samba (RHSA-2016:0611) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. 
A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. 
A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0611\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n 
{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:35", "description": "An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). 
Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba3x", "p-cpe:/a:redhat:enterprise_linux:samba3x-client", "p-cpe:/a:redhat:enterprise_linux:samba3x-common", "p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba3x-doc", "p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui", "p-cpe:/a:redhat:enterprise_linux:samba3x-swat", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind", "p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2016-0613.NASL", "href": "https://www.tenable.com/plugins/nessus/90493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0613.
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90493);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0613\");\n\n script_name(english:\"RHEL 5 : samba3x (RHSA-2016:0613) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba3x is now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/vulnerabilities/badlock\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2253041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://badlock.org/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2243351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba3x-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0613\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"samba3x-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-client-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-common-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-debuginfo-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-doc-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-domainjoin-gui-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"samba3x-swat-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-3.6.23-12.el5_11\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"samba3x-winbind-devel-3.6.23-12.el5_11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba3x / samba3x-client / samba3x-common / samba3x-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:36", "description": "An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "CentOS 6 : samba (CESA-2016:0611) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-doc", "p-cpe:/a:centos:centos:samba-domainjoin-gui", "p-cpe:/a:centos:centos:samba-glusterfs", "p-cpe:/a:centos:centos:samba-swat", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-devel", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90449", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0611 and \n# CentOS Errata and Security Advisory
2016:0611 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90449);\n script_version(\"2.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"CentOS 6 : samba (CESA-2016:0611) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021815.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?808aa2e9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libsmbclient-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-client-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-common-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-doc-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-domainjoin-gui-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-swat-3.6.23-30.el6_7\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-clients-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-devel-3.6.23-30.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba-winbind-krb5-locator-3.6.23-30.el6_7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "From Red Hat Security Advisory 2016:0611 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the CVE-2016-2110 issue as addressed by this update. However, this issue did affect samba on Red Hat Enterprise Linux 6, and is addressed by this update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. 
A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. 
(CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : samba (ELSA-2016-0611) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-doc", "p-cpe:/a:oracle:linux:samba-domainjoin-gui", "p-cpe:/a:oracle:linux:samba-glusterfs", "p-cpe:/a:oracle:linux:samba-swat", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-devel", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-0611.NASL", "href": "https://www.tenable.com/plugins/nessus/90486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0611 and \n# Oracle Linux Security Advisory ELSA-2016-0611 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90486);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0611\");\n\n script_name(english:\"Oracle Linux 6 : samba (ELSA-2016-0611) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0611 :\n\nAn update for samba is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 13 April 2016] This advisory previously did not list the\nCVE-2016-2110 issue as addressed by this update. However, this issue\ndid affect samba on Red Hat Enterprise Linux 6, and is addressed by\nthis update. No changes have been made to the packages.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. 
A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. 
A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nand CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-April/005948.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsmbclient-devel-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-client-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-common-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-doc-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-domainjoin-gui-3.6.23-30.0.1.el6_7\")) flag++;\nif 
(rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-swat-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-clients-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-devel-3.6.23-30.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"samba-winbind-krb5-locator-3.6.23-30.0.1.el6_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / samba / samba-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:36", "description": "samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of an authenticated account was possible (bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : samba (SUSE-SU-2016:1023-1) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ldapsmb", "p-cpe:/a:novell:suse_linux:libldb1", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libtalloc2", "p-cpe:/a:novell:suse_linux:libtdb1", "p-cpe:/a:novell:suse_linux:libtevent0", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-krb-printing", "p-cpe:/a:novell:suse_linux:samba-winbind", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1023-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1023-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90533);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"SUSE SLES11 Security Update : samba (SUSE-SU-2016:1023-1) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5370/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2118/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161023-1/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?4a6d1c5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-samba-12507=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-samba-12507=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-samba-12507=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-samba-12507=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-samba-12507=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-samba-12507=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-samba-12507=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-samba-12507=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-samba-12507=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libtevent0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libtalloc2-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libtdb1-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libtevent0-32bit-3.6.3-76.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libwbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"samba-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"samba-client-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"samba-winbind-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ldapsmb-1.34b-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libldb1-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libsmbclient0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libtalloc2-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libtdb1-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libtevent0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libwbclient0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"samba-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"samba-client-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"samba-krb-printing-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"samba-winbind-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", 
reference:\"libwbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libtalloc2-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libtdb1-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libtevent0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"libwbclient0-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"samba-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"samba-client-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"samba-winbind-32bit-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"ldapsmb-1.34b-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libldb1-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libsmbclient0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libtalloc2-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libtdb1-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libtevent0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"libwbclient0-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", 
reference:\"samba-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"samba-client-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"samba-krb-printing-3.6.3-76.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"samba-winbind-3.6.3-76.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:56", "description": "Samba was updated to the 4.2.x codestream, bringing some new features and security fixes (bsc#973832, FATE#320709).\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account was possible (bsc#971965).\n\nAlso the following fixes were done :\n\n - Upgrade on-disk FSRVP server state to new version;\n (bsc#924519).\n\n - Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel;\n (bsc#973832).\n\n - s3:utils/smbget: 
Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727).\n\n - param: Fix str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memory leak (buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it; (bsc#972197).\n\n - Getting and setting Windows ACLs on symlinks can change permissions on link\n\n - Only obsolete but do not provide gplv2/3 package names;\n (bsc#968973).\n\n - Enable clustering (CTDB) support; (bsc#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (bsc#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; 
(bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory creation; (bso#11684).\n\n - Changing log level of two entries from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we access memory allocated on the globals and the global being reinitialized; (bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bsc#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man 5 smb.conf; (bso#11619).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libgensec0", "p-cpe:/a:novell:suse_linux:libgensec0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libregistry0", "p-cpe:/a:novell:suse_linux:libregistry0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-raw0", 
"p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1022-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1022-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90532);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1022-1) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samba was updated to the 4.2.x codestream, bringing some new features\nand security fixes (bsc#973832, FATE#320709).\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nAlso the following fixes were done :\n\n - Upgrade on-disk FSRVP server state to new version;\n (bsc#924519).\n\n - Fix samba.tests.messaging test and prevent potential tdb\n corruption by removing obsolete now invalid tdb_close\n call; (bsc#974629).\n\n - Align fsrvp feature sources with upstream version.\n\n - Obsolete libsmbsharemodes0 from samba-libs and\n libsmbsharemodes-devel from samba-core-devel;\n (bsc#973832).\n\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry\n on a filesystem with no ACL support; (bso#10489).\n\n - docs: Add example for domain logins to smbspool man\n page; (bso#11643).\n\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n\n - loadparm: Fix memory leak issue; (bso#11708).\n\n - lib/tsocket: Work around sockets not supporting\n FIONREAD; (bso#11714).\n\n - ctdb-scripts: Drop use of 'smbcontrol winbindd\n ip-dropped ...'; (bso#11719).\n\n - s3:smbd:open: Skip redundant call to file_set_dosmode\n when creating a new file; (bso#11727).\n\n - param: Fix 
str_list_v3 to accept ';' again; (bso#11732).\n\n - Real memeory leak(buildup) issue in loadparm;\n (bso#11740).\n\n - Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it; (bsc#972197).\n\n - Getting and setting Windows ACLs on symlinks can change\n permissions on link\n\n - Only obsolete but do not provide gplv2/3 package names;\n (bsc#968973).\n\n - Enable clustering (CTDB) support; (bsc#966271).\n\n - s3: smbd: Fix timestamp rounding inside SMB2 create;\n (bso#11703); (bsc#964023).\n\n - vfs_fruit: Fix renaming directories with open files;\n (bso#11065).\n\n - Fix MacOS finder error 36 when copying folder to Samba;\n (bso#11347).\n\n - s3:smbd/oplock: Obey kernel oplock setting when\n releasing oplocks; (bso#11400).\n\n - Fix copying files with vfs_fruit when using\n vfs_streams_xattr without stream prefix and type suffix;\n (bso#11466).\n\n - s3:libsmb: Correctly initialize the list head when\n keeping a list of primary followed by DFS connections;\n (bso#11624).\n\n - Reduce the memory footprint of empty string options;\n (bso#11625).\n\n - lib/async_req: Do not install async_connect_send_test;\n (bso#11639).\n\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n\n - smbd: make 'hide dot files' option work with 'store dos\n attributes = yes'; (bso#11645).\n\n - smbcacls: Fix uninitialized variable; (bso#11682).\n\n - s3:smbd: Ignore initial allocation size for directory\n creation; (bso#11684).\n\n - Changing log level of two entries to from 1 to 3;\n (bso#9912).\n\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n\n - wafsamba: Also build libraries with RELRO protection;\n (bso#11346).\n\n - ctdb: Strip trailing spaces from nodes file;\n (bso#11365).\n\n - s3-smbd: Fix old DOS client doing wildcard delete -\n gives a attribute type of zero; (bso#11452).\n\n - nss_wins: Do not run into use after free issues when we\n access memory allocated on the globals and the global\n being reinitialized; 
(bso#11563).\n\n - async_req: Fix non-blocking connect(); (bso#11564).\n\n - auth: gensec: Fix a memory leak; (bso#11565).\n\n - lib: util: Make non-critical message a warning;\n (bso#11566).\n\n - Fix winbindd crashes with samlogon for trusted domain\n user; (bso#11569); (bsc#949022).\n\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n\n - ctdb: Open the RO tracking db with perms 0600 instead of\n 0000; (bso#11577).\n\n - manpage: Correct small typo error; (bso#11584).\n\n - s3: smbd: If EA's are turned off on a share don't allow\n an SMB2 create containing them; (bso#11589).\n\n - Backport some valgrind fixes from upstream master;\n (bso#11597).\n\n - s3: smbd: have_file_open_below() fails to enumerate open\n files below an open directory handle; (bso#11615).\n\n - docs: Fix some typos in the idmap config section of man\n 5 smb.conf; (bso#11619).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=320709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=949022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5370/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2016-2113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2118/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161022-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d433eabc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-605=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-605=1\n\nSUSE Linux Enterprise High Availability 12 :\n\nzypper in -t patch SUSE-SLE-HA-12-2016-605=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-605=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-debuginfo-4.2.4-18.17.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libregistry0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libregistry0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"libsmbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debugsource-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libgensec0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libndr0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", 
reference:\"libsamba-passdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-32bit-4.2.4-18.17.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-client-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-libs-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-18.17.1\")) 
flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libregistry0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-18.17.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", 
cpu:\"x86_64\", reference:\"libsmbclient0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-4.2.4-18.17.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-debugsource-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.4-18.17.1\")) 
flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-18.17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-4.2.4-18.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account were possible (bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : samba (SUSE-SU-2016:1028-1) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ldapsmb", "p-cpe:/a:novell:suse_linux:libldb1", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libtalloc2", "p-cpe:/a:novell:suse_linux:libtdb1", "p-cpe:/a:novell:suse_linux:libtevent0", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-krb-printing", "p-cpe:/a:novell:suse_linux:samba-winbind", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1028-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1028-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90536);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"SUSE SLES11 Security Update : samba (SUSE-SU-2016:1028-1) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5370/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2118/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161028-1/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://www.nessus.org/u?511357b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-samba-12508=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2 :\n\nzypper in -t patch dbgsp2-samba-12508=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libtalloc2-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libtdb1-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-client-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libsmbclient0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libtalloc2-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libtdb1-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libtevent0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"libwbclient0-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"samba-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"samba-client-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"samba-winbind-32bit-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"ldapsmb-1.34b-52.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libldb1-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libsmbclient0-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libtalloc2-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libtdb1-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libtevent0-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"libwbclient0-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"samba-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"samba-client-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"samba-krb-printing-3.6.3-52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"samba-winbind-3.6.3-52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:19", "description": "samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 
'Badlock' DCERPC impersonation of an authenticated account was possible (bsc#971965).\n\nThese non-security issues were fixed :\n\n - bsc#974629: Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call.\n\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel from samba-core-devel.\n\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and libpdb-devel from libsamba-passdb-devel while not providing it.\n\n - Getting and setting Windows ACLs on symlinks can change permissions on link\n\n - bsc#924519: Upgrade on-disk FSRVP server state to new version.\n\n - bsc#968973: Only obsolete but do not provide gplv2/3 package names.\n\n - bso#6482: s3:utils/smbget: Fix recursive download.\n\n - bso#10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.\n\n - bso#11643: docs: Add example for domain logins to smbspool man page.\n\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n\n - bso#11708: loadparm: Fix memory leak issue.\n\n - bso#11714: lib/tsocket: Work around sockets not supporting FIONREAD.\n\n - bso#11719: ctdb-scripts: Drop use of 'smbcontrol winbindd ip-dropped ...'.\n\n - bso#11727: s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.\n\n - bso#11732: param: Fix str_list_v3 to accept ';' again.\n\n - bso#11740: Real memory leak (buildup) issue in loadparm.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2016-453) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", 
"p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-devel", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgensec-devel", "p-cpe:/a:novell:opensuse:libgensec0", "p-cpe:/a:novell:opensuse:libgensec0-32bit", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", 
"p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libregistry-devel", "p-cpe:/a:novell:opensuse:libregistry0", "p-cpe:/a:novell:opensuse:libregistry0-32bit", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw0", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba", 
"p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-devel", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-453.NASL", "href": "https://www.tenable.com/plugins/nessus/90522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-453.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90522);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2016-453) (Badlock)\");\n script_summary(english:\"Check for the openSUSE-2016-453 
patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nThese non-security issues were fixed :\n\n - bsc#974629: Fix samba.tests.messaging test and prevent\n potential tdb corruption by removing obsolete now\n invalid tdb_close call.\n\n - bsc#973832: Obsolete libsmbsharemodes0 from samba-libs\n and libsmbsharemodes-devel from samba-core-devel.\n\n - bsc#972197: Obsolete libsmbclient from libsmbclient0 and\n libpdb-devel from libsamba-passdb-devel while not\n providing it.\n\n - Getting and setting Windows ACLs on symlinks can change\n permissions on link\n\n - bsc#924519: Upgrade on-disk FSRVP server state to new\n version.\n\n - bsc#968973: Only obsolete but do not provide gplv2/3\n package names.\n\n - bso#6482: s3:utils/smbget: Fix recursive download.\n\n - bso#10489: s3: smbd: posix_acls: Fix check for setting\n u:g:o entry on a filesystem with no ACL support.\n\n - bso#11643: docs: Add example for domain logins to\n smbspool man page.\n\n - bso#11690: s3-client: Add a KRB5 wrapper for smbspool.\n\n - bso#11708: loadparm: Fix memory leak issue.\n\n - bso#11714: 
lib/tsocket: Work around sockets not\n supporting FIONREAD.\n\n - bso#11719: ctdb-scripts: Drop use of 'smbcontrol\n winbindd ip-dropped ...'.\n\n - bso#11727: s3:smbd:open: Skip redundant call to\n file_set_dosmode when creating a new file.\n\n - bso#11732: param: Fix str_list_v3 to accept ';' again.\n\n - bso#11740: Real memeory leak(buildup) issue in loadparm.\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = 
get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ctdb-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ctdb-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ctdb-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ctdb-tests-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ctdb-tests-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-atsvc-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-atsvc0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-atsvc0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-binding0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-samr-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-samr0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc-samr0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libdcerpc0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libgensec-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libgensec0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libgensec0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libndr-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-krb5pac-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-krb5pac0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-nbt-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-nbt0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-nbt0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-standard-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-standard0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr-standard0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libndr0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetapi-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetapi0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libnetapi0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libregistry-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libregistry0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libregistry0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-credentials-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-credentials0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-credentials0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libsamba-hostconfig-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-hostconfig0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-passdb-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-passdb0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-passdb0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-policy-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-policy0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-policy0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-util-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-util0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamba-util0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamdb-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamdb0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsamdb0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient-raw-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient-raw0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbclient0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libsmbconf-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbconf0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbconf0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbldap-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbldap0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libsmbldap0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtevent-util-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtevent-util0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libtevent-util0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwbclient-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwbclient0-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libwbclient0-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-client-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-client-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-core-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-debugsource-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-libs-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-libs-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-pidl-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-python-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"samba-python-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-test-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-test-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-test-devel-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-winbind-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"samba-winbind-debuginfo-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"libndr-nbt0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libregistry0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"libsamba-policy0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-15.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-devel / ctdb-tests / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:54", "description": "samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of authenticated account was possible 
(bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:1024-1) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libgensec0", "p-cpe:/a:novell:suse_linux:libgensec0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libregistry0", "p-cpe:/a:novell:suse_linux:libregistry0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", 
"p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-raw0", "p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1024-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90534);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security 
Update : samba (SUSE-SU-2016:1024-1) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"samba was updated to fix seven security issues.\n\nThese security issues were fixed :\n\n - CVE-2015-5370: DCERPC server and client were vulnerable\n to DOS and MITM attacks (bsc#936862).\n\n - CVE-2016-2110: A man-in-the-middle could have downgraded\n NTLMSSP authentication (bsc#973031).\n\n - CVE-2016-2111: Domain controller netlogon member\n computer could have been spoofed (bsc#973032).\n\n - CVE-2016-2112: LDAP conenctions were vulnerable to\n downgrade and MITM attack (bsc#973033).\n\n - CVE-2016-2113: TLS certificate validation were missing\n (bsc#973034).\n\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM\n attacks (bsc#973036).\n\n - CVE-2016-2118: 'Badlock' DCERPC impersonation of\n authenticated account were possible (bsc#971965).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5370/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2112/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2118/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161024-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3c5d3a6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP1-2016-604=1\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-604=1\n\nSUSE Linux Enterprise High Availability 12-SP1 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP1-2016-604=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-604=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc-binding0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgensec0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgensec0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-krb5pac0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-nbt0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-standard0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetapi0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libregistry0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libregistry0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-credentials0-4.2.4-16.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-hostconfig0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-passdb0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-util0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamdb0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient-raw0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbconf0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbldap0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbldap0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libtevent-util0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libwbclient0-4.2.4-16.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-client-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-client-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-debugsource-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-libs-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-libs-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-winbind-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc-binding0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgensec0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libgensec0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-krb5pac0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-nbt0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", 
reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-standard0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libndr0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetapi0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-credentials0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-hostconfig0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-passdb0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-util0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamdb0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient-raw0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif 
(rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbconf0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbldap0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libtevent-util0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libwbclient0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-client-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-client-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-libs-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-libs-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-winbind-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.2.4-16.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgensec0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-4.2.4-16.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libregistry0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.2.4-16.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", 
cpu:\"x86_64\", reference:\"libsamdb0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", 
cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", 
cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-debugsource-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.2.4-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-4.2.4-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:55", "description": "An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. 
(CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. 
Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ctdb", "p-cpe:/a:centos:centos:ctdb-devel", "p-cpe:/a:centos:centos:ctdb-tests", "p-cpe:/a:centos:centos:ipa-admintools", "p-cpe:/a:centos:centos:ipa-client", "p-cpe:/a:centos:centos:ipa-python", "p-cpe:/a:centos:centos:ipa-server", "p-cpe:/a:centos:centos:ipa-server-dns", "p-cpe:/a:centos:centos:ipa-server-selinux", "p-cpe:/a:centos:centos:ipa-server-trust-ad", "p-cpe:/a:centos:centos:ldb-tools", "p-cpe:/a:centos:centos:libldb", "p-cpe:/a:centos:centos:libldb-devel", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:libtalloc", "p-cpe:/a:centos:centos:libtalloc-devel", "p-cpe:/a:centos:centos:libtdb", "p-cpe:/a:centos:centos:libtdb-devel", "p-cpe:/a:centos:centos:libtevent", "p-cpe:/a:centos:centos:libtevent-devel", "p-cpe:/a:centos:centos:libwbclient", "p-cpe:/a:centos:centos:libwbclient-devel", "p-cpe:/a:centos:centos:openchange", "p-cpe:/a:centos:centos:openchange-client", "p-cpe:/a:centos:centos:openchange-devel", "p-cpe:/a:centos:centos:openchange-devel-docs", "p-cpe:/a:centos:centos:pyldb", "p-cpe:/a:centos:centos:pyldb-devel", "p-cpe:/a:centos:centos:pytalloc", "p-cpe:/a:centos:centos:pytalloc-devel", "p-cpe:/a:centos:centos:python-tdb", 
"p-cpe:/a:centos:centos:python-tevent", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-client-libs", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-common-libs", "p-cpe:/a:centos:centos:samba-common-tools", "p-cpe:/a:centos:centos:samba-dc", "p-cpe:/a:centos:centos:samba-dc-libs", "p-cpe:/a:centos:centos:samba-devel", "p-cpe:/a:centos:centos:samba-libs", "p-cpe:/a:centos:centos:samba-pidl", "p-cpe:/a:centos:centos:samba-python", "p-cpe:/a:centos:centos:samba-test", "p-cpe:/a:centos:centos:samba-test-devel", "p-cpe:/a:centos:centos:samba-test-libs", "p-cpe:/a:centos:centos:samba-vfs-glusterfs", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba-winbind-modules", "p-cpe:/a:centos:centos:samba4", "p-cpe:/a:centos:centos:samba4-client", "p-cpe:/a:centos:centos:samba4-common", "p-cpe:/a:centos:centos:samba4-dc", "p-cpe:/a:centos:centos:samba4-dc-libs", "p-cpe:/a:centos:centos:samba4-devel", "p-cpe:/a:centos:centos:samba4-libs", "p-cpe:/a:centos:centos:samba4-pidl", "p-cpe:/a:centos:centos:samba4-python", "p-cpe:/a:centos:centos:samba4-test", "p-cpe:/a:centos:centos:samba4-winbind", "p-cpe:/a:centos:centos:samba4-winbind-clients", "p-cpe:/a:centos:centos:samba4-winbind-krb5-locator", "p-cpe:/a:centos:centos:tdb-tools", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-0612.NASL", "href": "https://www.tenable.com/plugins/nessus/90450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0612 and \n# CentOS Errata and Security Advisory 2016:0612 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90450);\n script_version(\"2.20\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0612\");\n\n script_name(english:\"CentOS 6 / 7 : ipa / libldb / libtalloc / libtdb / libtevent / openchange / samba / samba4 (CESA-2016:0612) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba4 and samba is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7, respectively.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References\nsection for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in\ncertain connections. A man-in-the-middle attacker could use this flaw\nto spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block\n(SMB) signing for clients using the SMB1 protocol. A man-in-the-middle\nattacker could use this flaw to modify traffic between a client and a\nserver. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nCVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021814.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7e33adf\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021816.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a5c541e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021817.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9177e3e0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad1a380e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021819.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3e9d429\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4a51239\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd567635\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a32f9073\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021825.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21a61140\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021826.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f258b0fe\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021827.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e6d9b96\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021828.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ad7fd86d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e06f4ee3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-April/021830.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?238c528e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2118\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-admintools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtalloc-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pyldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pyldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pytalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pytalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-admintools-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-client-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-python-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-server-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-server-selinux-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ipa-server-trust-ad-3.0.0-47.el6.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"ldb-tools-1.1.25-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libldb-1.1.25-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libldb-devel-1.1.25-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtalloc-2.1.5-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtalloc-devel-2.1.5-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtdb-1.3.8-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtdb-devel-1.3.8-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtevent-0.9.26-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libtevent-devel-0.9.26-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-1.0-7.el6_7\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"openchange-client-1.0-7.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-devel-1.0-7.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"openchange-devel-docs-1.0-7.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pyldb-1.1.25-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pyldb-devel-1.1.25-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pytalloc-2.1.5-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pytalloc-devel-2.1.5-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-tdb-1.3.8-1.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-tevent-0.9.26-2.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-client-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-common-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-dc-libs-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-devel-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-libs-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-pidl-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-python-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-test-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-clients-4.2.10-6.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"samba4-winbind-krb5-locator-4.2.10-6.el6_7\")) flag++;\nif 
(rpm_check(release:\"CentOS-6\", reference:\"tdb-tools-1.3.8-1.el6_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ctdb-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-admintools-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-client-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-python-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-server-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-server-dns-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ipa-server-trust-ad-4.2.0-15.0.1.el7.centos.6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ldb-tools-1.1.25-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libldb-1.1.25-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libldb-devel-1.1.25-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libtalloc-2.1.5-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libtalloc-devel-2.1.5-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libtdb-1.3.8-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"libtdb-devel-1.3.8-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libtevent-0.9.26-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libtevent-devel-0.9.26-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libwbclient-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libwbclient-devel-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openchange-2.0-10.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openchange-client-2.0-10.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openchange-devel-2.0-10.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"openchange-devel-docs-2.0-10.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"pyldb-1.1.25-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"pyldb-devel-1.1.25-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"pytalloc-2.1.5-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"pytalloc-devel-2.1.5-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tdb-1.3.8-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tevent-0.9.26-1.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-client-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-client-libs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-common-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"samba-common-libs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-dc-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-devel-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-libs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-pidl-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-python-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-test-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.10-6.el7_2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tdb-tools-1.3.8-1.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / ipa-admintools / ipa-client / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:56", "description": "An update for samba is now available for Red Hat Gluster Storage 3.1 for RHEL 6 and Red Hat Gluster Storage 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Gluster Storage do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). 
Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. 
(CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-15T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Storage Server (RHSA-2016:0614) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:ldb-tools", "p-cpe:/a:redhat:enterprise_linux:libldb", "p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libldb-devel", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libtalloc", "p-cpe:/a:redhat:enterprise_linux:libtalloc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtalloc-devel", "p-cpe:/a:redhat:enterprise_linux:libtdb", "p-cpe:/a:redhat:enterprise_linux:libtdb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtdb-devel", "p-cpe:/a:redhat:enterprise_linux:libtevent", "p-cpe:/a:redhat:enterprise_linux:libtevent-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtevent-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", 
"p-cpe:/a:redhat:enterprise_linux:pyldb", "p-cpe:/a:redhat:enterprise_linux:pyldb-devel", "p-cpe:/a:redhat:enterprise_linux:pytalloc", "p-cpe:/a:redhat:enterprise_linux:pytalloc-devel", "p-cpe:/a:redhat:enterprise_linux:python-tdb", "p-cpe:/a:redhat:enterprise_linux:python-tevent", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-devel", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:tdb-tools", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-0614.NASL", "href": "https://www.tenable.com/plugins/nessus/90530", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0614. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90530);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0614\");\n\n script_name(english:\"RHEL 6 / 7 : Storage Server (RHSA-2016:0614) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Gluster Storage 3.1\nfor RHEL 6 and Red Hat Gluster Storage 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References\nsection for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). 
This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Gluster Storage do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. 
A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in\ncertain connections. A man-in-the-middle attacker could use this flaw\nto spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block\n(SMB) signing for clients using the SMB1 protocol. A man-in-the-middle\nattacker could use this flaw to modify traffic between a client and a\nserver. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nCVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-2114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pyldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pyldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pytalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pytalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0614\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"glusterfs-server\") || rpm_exists(release:\"RHEL7\", rpm:\"glusterfs-server\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Storage Server\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ldb-tools-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libldb-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libldb-debuginfo-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libldb-devel-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.11-2.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtalloc-2.1.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtalloc-debuginfo-2.1.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtalloc-devel-2.1.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtdb-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtdb-debuginfo-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtdb-devel-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtevent-0.9.26-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtevent-debuginfo-0.9.26-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libtevent-devel-0.9.26-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libwbclient-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libwbclient-devel-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pyldb-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pyldb-devel-1.1.24-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pytalloc-2.1.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"pytalloc-devel-2.1.5-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tdb-1.3.8-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tevent-0.9.26-1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"samba-client-libs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-dc-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-devel-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-libs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"samba-pidl-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-python-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.11-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tdb-tools-1.3.8-1.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ldb-tools-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libldb-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libldb-debuginfo-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libldb-devel-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtalloc-2.1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtalloc-debuginfo-2.1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtalloc-devel-2.1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtdb-1.3.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtdb-debuginfo-1.3.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtdb-devel-1.3.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtevent-0.9.26-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtevent-debuginfo-0.9.26-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libtevent-devel-0.9.26-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libwbclient-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"libwbclient-devel-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pyldb-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pyldb-devel-1.1.24-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pytalloc-2.1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"pytalloc-devel-2.1.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-tdb-1.3.8-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-tevent-0.9.26-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-client-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-client-libs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"samba-common-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-devel-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-libs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"samba-pidl-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-python-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"samba-test-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.11-2.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tdb-tools-1.3.8-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / ldb-tools / libldb / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:56", "description": "Multiple flaws were found in Samba's DCE/RPC protocol implementation.\nA remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nA protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\nSeveral flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\nIt was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\nIt was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\nIt was found that Samba did not validate SSL/TLS certificates in certain connections. 
A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\nIt was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\nIt was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-devel", "p-cpe:/a:amazon:linux:ctdb-tests", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-python", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-devel", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", 
"p-cpe:/a:amazon:linux:samba-winbind-modules", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-686.NASL", "href": "https://www.tenable.com/plugins/nessus/90514", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-686.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90514);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"ALAS\", value:\"2016-686\");\n\n script_name(english:\"Amazon Linux AMI : samba (ALAS-2016-686) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in Samba's DCE/RPC protocol implementation.\nA remote, authenticated attacker could use these flaws to cause a\ndenial of service against the Samba server (high CPU load or a crash)\nor, possibly, execute arbitrary code with the permissions of the user\nrunning Samba (root). This flaw could also be used to downgrade a\nsecure DCE/RPC connection by a man-in-the-middle attacker taking\ncontrol of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nA protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). 
Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. (CVE-2016-2118)\n\nSeveral flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\nIt was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\nIt was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\nIt was found that Samba did not validate SSL/TLS certificates in\ncertain connections. A man-in-the-middle attacker could use this flaw\nto spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\nIt was discovered that Samba did not enforce Server Message Block\n(SMB) signing for clients using the SMB1 protocol. A man-in-the-middle\nattacker could use this flaw to modify traffic between a client and a\nserver. 
(CVE-2016-2114)\n\nIt was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-686.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update samba' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ctdb-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ctdb-devel-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ctdb-tests-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libsmbclient-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libsmbclient-devel-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libwbclient-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libwbclient-devel-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-client-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-client-libs-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-common-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"samba-common-libs-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-common-tools-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-debuginfo-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-devel-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-libs-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-pidl-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-python-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-test-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-test-devel-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-test-libs-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-winbind-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-winbind-clients-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-winbind-krb5-locator-4.2.10-6.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"samba-winbind-modules-4.2.10-6.33.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / libsmbclient / libsmbclient-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:25:26", "description": "USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to version 4.3.9, which introduced a regression when using the ntlm_auth tool. This update fixes the problem.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. 
A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. 
Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain environments.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : samba regression (USN-2950-5) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-2950-5.NASL", "href": "https://www.tenable.com/plugins/nessus/91333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2950-5. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91333);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"USN\", value:\"2950-5\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : samba regression (USN-2950-5) (Badlock)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2950-1 fixed vulnerabilities in Samba. USN-2950-3 updated Samba to\nversion 4.3.9, which introduced a regression when using the ntlm_auth\ntool. This update fixes the problem.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the\nDCE/RPC implementation. A remote attacker could use this issue to\nperform a denial of service, downgrade secure connections by\nperforming a man in the middle attack, or possibly execute arbitrary\ncode. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple\nflaws in the NTLMSSP authentication implementation. A remote\nattacker could use this issue to downgrade connections to\nplain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller\nwould establish a secure connection to a server with a\nspoofed computer name. A remote attacker could use this\nissue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP\nimplementation did not enforce integrity protection. 
A\nremote attacker could use this issue to hijack LDAP\nconnections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS\ncertificates. A remote attacker could use this issue to\nspoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB\nsigning even if configured to. A remote attacker could use\nthis issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable\nintegrity protection for IPC traffic. A remote attacker\ncould use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled\nthe MS-SAMR and MS-LSAD protocols. A remote attacker could\nuse this flaw with a man in the middle attack to impersonate\nusers and obtain sensitive information from the Security\nAccount Manager database. This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and\nUbuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25\nwith backported security fixes.\n\nIn addition to security fixes, the updated packages contain\nbug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain\nenvironments.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2950-5/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba\", pkgver:\"2:4.3.9+dfsg-0ubuntu0.14.04.3\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"samba\", pkgver:\"2:4.3.9+dfsg-0ubuntu0.15.10.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"samba\", pkgver:\"2:4.3.9+dfsg-0ubuntu0.16.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:24:39", "description": "USN-2950-1 fixed vulnerabilities in Samba. 
The updated Samba packages introduced a compatibility issue with NTLM authentication in libsoup.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. 
This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain environments.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-02T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libsoup2.4 update (USN-2950-2) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libsoup2.4-1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-2950-2.NASL", "href": "https://www.tenable.com/plugins/nessus/90824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2950-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90824);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"USN\", value:\"2950-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.10 / 16.04 LTS : libsoup2.4 update (USN-2950-2) (Badlock)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2950-1 fixed vulnerabilities in Samba. The updated Samba packages\nintroduced a compatibility issue with NTLM authentication in libsoup.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the\nDCE/RPC implementation. A remote attacker could use this issue to\nperform a denial of service, downgrade secure connections by\nperforming a man in the middle attack, or possibly execute arbitrary\ncode. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple\nflaws in the NTLMSSP authentication implementation. A remote\nattacker could use this issue to downgrade connections to\nplain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller\nwould establish a secure connection to a server with a\nspoofed computer name. A remote attacker could use this\nissue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP\nimplementation did not enforce integrity protection. 
A\nremote attacker could use this issue to hijack LDAP\nconnections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS\ncertificates. A remote attacker could use this issue to\nspoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB\nsigning even if configured to. A remote attacker could use\nthis issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable\nintegrity protection for IPC traffic. A remote attacker\ncould use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled\nthe MS-SAMR and MS-LSAD protocols. A remote attacker could\nuse this flaw with a man in the middle attack to impersonate\nusers and obtain sensitive information from the Security\nAccount Manager database. This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and\nUbuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25\nwith backported security fixes.\n\nIn addition to security fixes, the updated packages contain\nbug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain\nenvironments.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2950-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup2.4-1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsoup2.4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|15\\.10|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.10 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libsoup2.4-1\", pkgver:\"2.44.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"libsoup2.4-1\", pkgver:\"2.50.0-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libsoup2.4-1\", pkgver:\"2.52.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup2.4-1\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:26", "description": "Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "Fedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-BE53260726.NASL", "href": "https://www.tenable.com/plugins/nessus/90519", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-be53260726.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90519);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"FEDORA\", value:\"2016-be53260726\");\n\n script_name(english:\"Fedora 23 : samba-4.3.8-0.fc23 (2016-be53260726) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111,\nCVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115,\nCVE-2016-2118\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1309987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1312082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1312084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1317990\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?947f4e2e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"samba-4.3.8-0.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "Jouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack. (CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. 
A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock. (CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.\nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Configuration changes may be required in certain environments.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-19T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2950-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90588", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2950-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90588);\n script_version(\"2.15\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"USN\", value:\"2950-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2950-1) (Badlock)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jouni Knuutinen discovered that Samba contained multiple flaws in the\nDCE/RPC implementation. A remote attacker could use this issue to\nperform a denial of service, downgrade secure connections by\nperforming a man in the middle attack, or possibly execute arbitrary\ncode. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in\nthe NTLMSSP authentication implementation. A remote attacker could use\nthis issue to downgrade connections to plain text by performing a man\nin the middle attack. (CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would\nestablish a secure connection to a server with a spoofed computer\nname. A remote attacker could use this issue to obtain sensitive\ninformation. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did\nnot enforce integrity protection. A remote attacker could use this\nissue to hijack LDAP connections by performing a man in the middle\nattack. (CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS\ncertificates. A remote attacker could use this issue to spoof a Samba\nserver. 
(CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing\neven if configured to. A remote attacker could use this issue to\nperform a man in the middle attack. (CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity\nprotection for IPC traffic. A remote attacker could use this issue to\nperform a man in the middle attack. (CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the\nMS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw\nwith a man in the middle attack to impersonate users and obtain\nsensitive information from the Security Account Manager database. This\nflaw is known as Badlock. (CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10.\nUbuntu 12.04 LTS has been updated to 3.6.25 with backported security\nfixes.\n\nIn addition to security fixes, the updated packages contain bug fixes,\nnew features, and possibly incompatible changes. Configuration changes\nmay be required in certain environments.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2950-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"samba\", pkgver:\"2:3.6.25-0ubuntu0.12.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba\", pkgver:\"2:4.3.8+dfsg-0ubuntu0.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"samba\", pkgver:\"2:4.3.8+dfsg-0ubuntu0.15.10.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:44", "description": "Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-14T00:00:00", "type": "nessus", "title": "Fedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-48B3761BAA.NASL", "href": "https://www.tenable.com/plugins/nessus/90516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-48b3761baa.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90516);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"FEDORA\", value:\"2016-48b3761baa\");\n\n script_name(english:\"Fedora 22 : samba-4.2.11-0.fc22 (2016-48b3761baa) (Badlock)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111,\nCVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115,\nCVE-2016-2118\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora 
security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1309987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1311910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1312082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1312084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1317990\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6218c3b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"samba-4.2.11-0.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:23:45", "description": "An update for samba is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). 
This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. 
A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "RHEL 7 : samba (RHSA-2016:0618) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:ipa-admintools", "p-cpe:/a:redhat:enterprise_linux:ipa-client", "p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ipa-python", "p-cpe:/a:redhat:enterprise_linux:ipa-server", 
"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad", "p-cpe:/a:redhat:enterprise_linux:ldb-tools", "p-cpe:/a:redhat:enterprise_linux:libldb", "p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libldb-devel", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libtalloc", "p-cpe:/a:redhat:enterprise_linux:libtalloc-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtalloc-devel", "p-cpe:/a:redhat:enterprise_linux:libtdb", "p-cpe:/a:redhat:enterprise_linux:libtdb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtdb-devel", "p-cpe:/a:redhat:enterprise_linux:libtevent", "p-cpe:/a:redhat:enterprise_linux:libtevent-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libtevent-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:openchange", "p-cpe:/a:redhat:enterprise_linux:openchange-client", "p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo", "p-cpe:/a:redhat:enterprise_linux:openchange-devel", "p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs", "p-cpe:/a:redhat:enterprise_linux:pyldb", "p-cpe:/a:redhat:enterprise_linux:pyldb-devel", "p-cpe:/a:redhat:enterprise_linux:pytalloc", "p-cpe:/a:redhat:enterprise_linux:pytalloc-devel", "p-cpe:/a:redhat:enterprise_linux:python-tdb", "p-cpe:/a:redhat:enterprise_linux:python-tevent", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-devel", 
"p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-devel", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:tdb-tools", "cpe:/o:redhat:enterprise_linux:7.1"], "id": "REDHAT-RHSA-2016-0618.NASL", "href": "https://www.tenable.com/plugins/nessus/90495", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0618. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90495);\n script_version(\"2.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"RHSA\", value:\"2016:0618\");\n\n script_name(english:\"RHEL 7 : samba (RHSA-2016:0618) (Badlock)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for samba is now available for Red Hat Enterprise Linux 7.1\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) protocol and the related Common Internet File System (CIFS)\nprotocol, which allow PC-compatible machines to share files, printers,\nand various information.\n\nThe following packages have been upgraded to a newer upstream version:\nSamba (4.2.10). Refer to the Release Notes listed in the References\nsection for a complete list of changes.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in Samba's DCE/RPC protocol\nimplementation. A remote, authenticated attacker could use these flaws\nto cause a denial of service against the Samba server (high CPU load\nor a crash) or, possibly, execute arbitrary code with the permissions\nof the user running Samba (root). This flaw could also be used to\ndowngrade a secure DCE/RPC connection by a man-in-the-middle attacker\ntaking control of an Active Directory (AD) object and compromising the\nsecurity of a Samba Active Directory Domain Controller (DC).\n(CVE-2015-5370)\n\nNote: While Samba packages as shipped in Red Hat Enterprise Linux do\nnot support running Samba as an AD DC, this flaw applies to all roles\nSamba implements.\n\n* A protocol flaw, publicly referred to as Badlock, was found in the\nSecurity Account Manager Remote Protocol (MS-SAMR) and the Local\nSecurity Authority (Domain Policy) Remote Protocol (MS-LSAD). Any\nauthenticated DCE/RPC connection that a client initiates against a\nserver could be used by a man-in-the-middle attacker to impersonate\nthe authenticated user against the SAMR or LSA service on the server.\nAs a result, the attacker would be able to get read/write access to\nthe Security Account Manager database, and use this to reveal all\npasswords or any other potentially sensitive information in that\ndatabase. 
(CVE-2016-2118)\n\n* Several flaws were found in Samba's implementation of NTLMSSP\nauthentication. An unauthenticated, man-in-the-middle attacker could\nuse this flaw to clear the encryption and integrity flags of a\nconnection, causing data to be transmitted in plain text. The attacker\ncould also force the client or server into sending data in plain text\neven if encryption was explicitly requested for that connection.\n(CVE-2016-2110)\n\n* It was discovered that Samba configured as a Domain Controller would\nestablish a secure communication channel with a machine using a\nspoofed computer name. A remote attacker able to observe network\ntraffic could use this flaw to obtain session-related information\nabout the spoofed machine. (CVE-2016-2111)\n\n* It was found that Samba's LDAP implementation did not enforce\nintegrity protection for LDAP connections. A man-in-the-middle\nattacker could use this flaw to downgrade LDAP connections to use no\nintegrity protection, allowing them to hijack such connections.\n(CVE-2016-2112)\n\n* It was found that Samba did not validate SSL/TLS certificates in\ncertain connections. A man-in-the-middle attacker could use this flaw\nto spoof a Samba server using a specially crafted SSL/TLS certificate.\n(CVE-2016-2113)\n\n* It was discovered that Samba did not enforce Server Message Block\n(SMB) signing for clients using the SMB1 protocol. A man-in-the-middle\nattacker could use this flaw to modify traffic between a client and a\nserver. (CVE-2016-2114)\n\n* It was found that Samba did not enable integrity protection for IPC\ntraffic by default. A man-in-the-middle attacker could use this flaw\nto view and modify the data sent between a Samba server and a client.\n(CVE-2016-2115)\n\nRed Hat would like to thank the Samba project for reporting these\nissues. 
Upstream acknowledges Jouni Knuutinen (Synopsis) as the\noriginal reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as\nthe original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112,\nCVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5370\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-admintools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pyldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pyldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pytalloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pytalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0618\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ctdb-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"i686\", reference:\"ctdb-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"ipa-admintools-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ipa-admintools-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"ipa-client-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ipa-client-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"ipa-debuginfo-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", 
reference:\"ipa-debuginfo-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"ipa-python-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ipa-python-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ipa-server-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ipa-server-trust-ad-4.1.0-18.el7_1.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"ldb-tools-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"ldb-tools-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libldb-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libldb-debuginfo-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libldb-devel-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libsmbclient-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libsmbclient-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtalloc-2.1.5-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtalloc-debuginfo-2.1.5-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtalloc-devel-2.1.5-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtdb-1.3.8-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtdb-debuginfo-1.3.8-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtdb-devel-1.3.8-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtevent-0.9.26-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtevent-debuginfo-0.9.26-1.el7_1\")) 
flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libtevent-devel-0.9.26-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libwbclient-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"libwbclient-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"i686\", reference:\"openchange-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"openchange-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"openchange-client-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"i686\", reference:\"openchange-debuginfo-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"openchange-debuginfo-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"i686\", reference:\"openchange-devel-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"openchange-devel-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"openchange-devel-docs-2.0-4.el7_1.1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"pyldb-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"pyldb-devel-1.1.25-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"pytalloc-2.1.5-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"pytalloc-devel-2.1.5-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"python-tdb-1.3.8-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"python-tevent-0.9.26-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"python-tevent-0.9.26-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", 
reference:\"samba-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-client-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-client-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-client-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-common-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-common-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-common-tools-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-dc-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-dc-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-dc-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-debuginfo-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-pidl-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-python-4.2.10-5.el7_1\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-python-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-test-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-test-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-test-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-test-libs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-clients-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"samba-winbind-modules-4.2.10-5.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"tdb-tools-1.3.8-1.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"tdb-tools-1.3.8-1.el7_1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n 
{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / ipa-admintools / ipa-client / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T20:25:08", "description": "USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the 'client ipc signing' parameter to 'auto'.\n\nWe apologize for the inconvenience.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the DCE/RPC implementation. A remote attacker could use this issue to perform a denial of service, downgrade secure connections by performing a man in the middle attack, or possibly execute arbitrary code. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple flaws in the NTLMSSP authentication implementation. A remote attacker could use this issue to downgrade connections to plain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller would establish a secure connection to a server with a spoofed computer name. A remote attacker could use this issue to obtain sensitive information. (CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP implementation did not enforce integrity protection. A remote attacker could use this issue to hijack LDAP connections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS certificates. A remote attacker could use this issue to spoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB signing even if configured to. 
A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable integrity protection for IPC traffic. A remote attacker could use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled the MS-SAMR and MS-LSAD protocols. A remote attacker could use this flaw with a man in the middle attack to impersonate users and obtain sensitive information from the Security Account Manager database. This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and Ubuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25 with backported security fixes.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain environments.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : samba regressions (USN-2950-4) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2950-4.NASL", "href": "https://www.tenable.com/plugins/nessus/91256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2950-4. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91256);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"USN\", value:\"2950-4\");\n\n script_name(english:\"Ubuntu 12.04 LTS : samba regressions (USN-2950-4) (Badlock)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-2950-1 fixed vulnerabilities in Samba. The backported fixes\nintroduced in Ubuntu 12.04 LTS caused interoperability issues. This\nupdate fixes compatibility with certain NAS devices, and allows\nconnecting to Samba 3.6 servers by relaxing the 'client ipc signing'\nparameter to 'auto'.\n\nWe apologize for the inconvenience.\n\nJouni Knuutinen discovered that Samba contained multiple flaws in the\nDCE/RPC implementation. A remote attacker could use this issue to\nperform a denial of service, downgrade secure connections by\nperforming a man in the middle attack, or possibly execute arbitrary\ncode. (CVE-2015-5370)\n\nStefan Metzmacher discovered that Samba contained multiple\nflaws in the NTLMSSP authentication implementation. A remote\nattacker could use this issue to downgrade connections to\nplain text by performing a man in the middle attack.\n(CVE-2016-2110)\n\nAlberto Solino discovered that a Samba domain controller\nwould establish a secure connection to a server with a\nspoofed computer name. A remote attacker could use this\nissue to obtain sensitive information. 
(CVE-2016-2111)\n\nStefan Metzmacher discovered that the Samba LDAP\nimplementation did not enforce integrity protection. A\nremote attacker could use this issue to hijack LDAP\nconnections by performing a man in the middle attack.\n(CVE-2016-2112)\n\nStefan Metzmacher discovered that Samba did not validate TLS\ncertificates. A remote attacker could use this issue to\nspoof a Samba server. (CVE-2016-2113)\n\nStefan Metzmacher discovered that Samba did not enforce SMB\nsigning even if configured to. A remote attacker could use\nthis issue to perform a man in the middle attack.\n(CVE-2016-2114)\n\nStefan Metzmacher discovered that Samba did not enable\nintegrity protection for IPC traffic. A remote attacker\ncould use this issue to perform a man in the middle attack.\n(CVE-2016-2115)\n\nStefan Metzmacher discovered that Samba incorrectly handled\nthe MS-SAMR and MS-LSAD protocols. A remote attacker could\nuse this flaw with a man in the middle attack to impersonate\nusers and obtain sensitive information from the Security\nAccount Manager database. This flaw is known as Badlock.\n(CVE-2016-2118)\n\nSamba has been updated to 4.3.8 in Ubuntu 14.04 LTS and\nUbuntu 15.10. Ubuntu 12.04 LTS has been updated to 3.6.25\nwith backported security fixes.\n\nIn addition to security fixes, the updated packages contain\nbug fixes, new features, and possibly incompatible changes.\nConfiguration changes may be required in certain\nenvironments.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2950-4/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"samba\", pkgver:\"2:3.6.25-0ubuntu0.12.04.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:20", "description": "The version of Samba on the remote host is 4.3.x prior to 4.3.7 and is affected by the following vulnerabilities :\n\n - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)\n - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)\n - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. 
A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)\n - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)\n - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)\n - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)\n - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)\n - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. 
(CVE-2016-2118)", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-12T00:00:00", "type": "nessus", "title": "Samba 4.3.x < 4.3.7 Multiple Vulnerabilities (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118", "CVE-2016-2114"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*"], "id": "9232.PRM", "href": "https://www.tenable.com/plugins/nnm/9232", "sourceData": "Binary data 9232.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:42:20", "description": "The version of Samba on the remote host is 4.4.x prior to 4.4.1 and is affected by the following vulnerabilities :\n\n - A flaw exists in the DCE-RPC client when handling specially crafted DCE-RPC packets. A man-in-the-middle (MitM) attacker can exploit this to downgrade the connection security, cause a denial of service through resource exhaustion, or potentially execute arbitrary code. (CVE-2015-5370)\n - A flaw exists in the implementation of NTLMSSP authentication. A MitM attacker can exploit this to clear the NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL settings, take over the connections, cause traffic to be sent unencrypted, or have other unspecified impact. (CVE-2016-2110)\n - A flaw exists in NETLOGON due to a failure to properly establish a secure channel connection. A MitM attacker can exploit this to spoof the computer names of a secure channel's endpoints, potentially gaining session information. (CVE-2016-2111)\n - A flaw exists in the integrity protection mechanisms that allows a MitM attacker to downgrade a secure LDAP connection to an insecure version. (CVE-2016-2112)\n - A flaw exists due to improper validation of TLS certificates for the LDAP and HTTP protocols. 
A MitM attacker can exploit this, via a crafted certificate, to spoof a server, resulting in the disclosure or manipulation of the transmitted traffic. (CVE-2016-2113)\n - A flaw exists due to a failure to enforce the 'server signing = mandatory' option in smb.conf for clients using the SMB1 protocol. A MitM attacker can exploit this to conduct spoofing attacks. (CVE-2016-2114)\n - A flaw exists due to a failure to perform integrity checking for SMB client connections. A MitM attacker can exploit this to conduct spoofing attacks since the protection mechanisms for DCERPC communication sessions are inherited from the underlying SMB connection. (CVE-2016-2115)\n - A flaw, known as Badlock, exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A MitM attacker who is able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services. 
(CVE-2016-2118)", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-12T00:00:00", "type": "nessus", "title": "Samba 4.4.x < 4.4.1 Multiple Vulnerabilities (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118", "CVE-2016-2114"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*"], "id": "9233.PRM", "href": "https://www.tenable.com/plugins/nnm/9233", "sourceData": "Binary data 9233.prm", "cvss": {"score": 6.8, "vector": "CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:43:13", "description": "Versions of Samba prior to 4.2.10 / 4.2.11, 4.3.7 / 4.3.8 and 4.4.1 / 4.4.2 are unpatched for the badlock vulnerability.\n", "cvss3": {"score": null, "vector": null}, "published": "2016-02-12T00:00:00", "type": "nessus", "title": "Samba < 4.2.10/11, < 4.3.7/8, < 4.4.1/2 badlock Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2115", "CVE-2016-2118", "CVE-2016-2114"], "modified": "2016-02-12T00:00:00", "cpe": [], "id": "801967.PRM", "href": "https://www.tenable.com/plugins/lce/801967", "sourceData": "Binary data 801967.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:23:34", "description": "New samba packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-18T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", 
"CVE-2016-2118"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:samba", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2016-106-02.NASL", "href": "https://www.tenable.com/plugins/nessus/90548", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-106-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90548);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5370\", \"CVE-2016-2110\", \"CVE-2016-2111\", \"CVE-2016-2112\", \"CVE-2016-2113\", \"CVE-2016-2114\", \"CVE-2016-2115\", \"CVE-2016-2118\");\n script_xref(name:\"SSA\", value:\"2016-106-02\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / current : samba (SSA:2016-106-02) (Badlock)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New samba packages are available for Slackware 14.0, 14.1, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.458012\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0837cf4e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"samba\", pkgver:\"4.2.11\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\&quo