DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-14323", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-14323", "description": "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.", "published": "2020-10-29T20:15:00", "modified": "2022-09-01T16:34:00", "epss": [{"cve": "CVE-2020-14323", "epss": 0.00059, "percentile": 0.23041, "modified": "2023-06-06"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14323", "reporter": "secalert@redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1891685", "https://www.samba.org/samba/security/CVE-2020-14323.html", "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html", "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/", "https://security.netapp.com/advisory/ntap-20201103-0001/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/", "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html", "https://security.gentoo.org/glsa/202012-24"], "cvelist": ["CVE-2020-14323"], "immutableFields": [], "lastseen": "2023-06-06T14:23:51", "viewCount": 281, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1647"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-14323"]}, {"type": "altlinux", "idList": ["170D54EDD249487BB062C7F3E4D7878D"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS2-2021-1585", "ALAS2-2021-1649"]}, {"type": "centos", "idList": ["CESA-2020:5439"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-14323"]}, {"type": "f5", "idList": ["F5:K93951507"]}, {"type": "fedora", "idList": ["FEDORA:30729309E0FC", "FEDORA:A537530C3DF3"]}, {"type": "freebsd", "idList": ["9CA85B7C-1B31-11EB-8762-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202012-24"]}, {"type": "ibm", "idList": ["0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "0D4E3D956FBA167DB2FBE7EE5345BF4C81DCA6F2A7F3B02200A7942FAEDB8BA4", "91E290A437F7E6402D40BA6205529A874531B0D98AFE424303A198CEA9D0A12F", "AF6F5E8D743541D0F8A71BA69942C43FFE6E6C6366A3E623C1F18832A402B700", "C906AC8CE7A194509678C141B3CDFED95CB81C4B0E9FB6DCFF19E6D870557393"]}, {"type": "mageia", "idList": ["MGASA-2020-0410"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1585.NASL", "AL2_ALAS-2021-1649.NASL", "ALA_ALAS-2021-1469.NASL", "ALMA_LINUX_ALSA-2021-1647.NASL", "CENTOS8_RHSA-2021-1647.NASL", "CENTOS_RHSA-2020-5439.NASL", "DEBIAN_DLA-2463.NASL", "EULEROS_SA-2020-2491.NASL", "EULEROS_SA-2020-2504.NASL", "EULEROS_SA-2020-2533.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "EULEROS_SA-2021-1229.NASL", "EULEROS_SA-2021-1357.NASL", "EULEROS_SA-2021-1423.NASL", "EULEROS_SA-2021-1517.NASL", "EULEROS_SA-2021-1533.NASL", "EULEROS_SA-2021-1625.NASL", "EULEROS_SA-2021-1635.NASL", "EULEROS_SA-2021-2168.NASL", "FEDORA_2020-2E1A1489BE.NASL", "FEDORA_2020-C1E9AE02D2.NASL", "FREEBSD_PKG_9CA85B7C1B3111EB8762005056A311D1.NASL", "GENTOO_GLSA-202012-24.NASL", "NEWSTART_CGSL_NS-SA-2021-0024_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2021-0167_SAMBA.NASL", "NEWSTART_CGSL_NS-SA-2022-0058_SAMBA.NASL", "OPENSUSE-2020-1811.NASL", "OPENSUSE-2020-1819.NASL", "ORACLELINUX_ELSA-2020-5439.NASL", "ORACLELINUX_ELSA-2021-1647.NASL", "REDHAT-RHSA-2020-5439.NASL", "REDHAT-RHSA-2021-1647.NASL", "REDHAT-RHSA-2021-3723.NASL", "SAMBA_4_13_1.NASL", "SL_20201215_SAMBA_ON_SL7_X.NASL", "SUSE_SU-2020-14525-1.NASL", "SUSE_SU-2020-3081-1.NASL", "SUSE_SU-2020-3082-1.NASL", "SUSE_SU-2020-3083-1.NASL", "SUSE_SU-2020-3087-1.NASL", "SUSE_SU-2020-3092-1.NASL", "SUSE_SU-2020-3093-1.NASL", "SUSE_SU-2023-0122-1.NASL", "UBUNTU_USN-4611-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5439", "ELSA-2021-1647"]}, {"type": "osv", "idList": ["OSV:DLA-2463-1"]}, {"type": "redhat", "idList": ["RHSA-2020:5439", "RHSA-2021:1647", "RHSA-2021:3723"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-14323"]}, {"type": "rocky", "idList": ["RLSA-2021:1647"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-14323"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1811-1", "OPENSUSE-SU-2020:1819-1"]}, {"type": "ubuntu", "idList": ["USN-4611-1", "USN-4931-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-14323"]}, {"type": "veracode", "idList": ["VERACODE:27838"]}]}, "score": {"value": 2.9, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-04-23T01:09:35", "tweets": [{"link": "https://twitter.com/VulmonFeeds/status/1385757684142645254", "text": "CVE-2020-14323\n\nA null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service c...\n\nhttps://t.co/bBeOer4axM?amp=1"}, {"link": "https://twitter.com/VulmonFeeds/status/1385757684142645254", "text": "CVE-2020-14323\n\nA null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service c...\n\nhttps://t.co/bBeOer4axM?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:1647"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS2-2021-1585"]}, {"type": "centos", "idList": ["CESA-2020:5439"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-14323"]}, {"type": "f5", "idList": ["F5:K93951507"]}, {"type": "fedora", "idList": ["FEDORA:30729309E0FC", "FEDORA:A537530C3DF3"]}, {"type": "freebsd", "idList": ["9CA85B7C-1B31-11EB-8762-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202012-24"]}, {"type": "ibm", "idList": ["91E290A437F7E6402D40BA6205529A874531B0D98AFE424303A198CEA9D0A12F"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1585.NASL", "ALA_ALAS-2021-1469.NASL", "CENTOS_RHSA-2020-5439.NASL", "DEBIAN_DLA-2463.NASL", "EULEROS_SA-2020-2491.NASL", "EULEROS_SA-2020-2504.NASL", "EULEROS_SA-2020-2533.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "FEDORA_2020-C1E9AE02D2.NASL", "FREEBSD_PKG_9CA85B7C1B3111EB8762005056A311D1.NASL", "GENTOO_GLSA-202012-24.NASL", "OPENSUSE-2020-1819.NASL", "ORACLELINUX_ELSA-2020-5439.NASL", "REDHAT-RHSA-2020-5439.NASL", "SL_20201215_SAMBA_ON_SL7_X.NASL", "SUSE_SU-2020-14525-1.NASL", "SUSE_SU-2020-3081-1.NASL", "SUSE_SU-2020-3082-1.NASL", "SUSE_SU-2020-3083-1.NASL", "SUSE_SU-2020-3087-1.NASL", "SUSE_SU-2020-3092-1.NASL", "SUSE_SU-2020-3093-1.NASL", "UBUNTU_USN-4611-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5439"]}, {"type": "redhat", "idList": ["RHSA-2021:3723"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-14323"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1811-1", "OPENSUSE-SU-2020:1819-1"]}, {"type": "ubuntu", "idList": ["USN-4611-1", "USN-4931-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-14323"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "samba", "version": 4}, {"name": "samba", "version": 4}, {"name": "samba", "version": 4}, {"name": "opensuse leap", "version": 15}, {"name": "opensuse leap", "version": 15}, {"name": "fedoraproject fedora", "version": 32}, {"name": "fedoraproject fedora", "version": 33}, {"name": "debian debian linux", "version": 9}]}, "epss": [{"cve": "CVE-2020-14323", "epss": 0.00059, "percentile": 0.22949, "modified": "2023-05-07"}], "vulnersScore": 2.9}, "_state": {"dependencies": 1686073041, "score": 1686062979, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "75ab8bfef8ff1d00daff499701ca88bd"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:opensuse:leap:15.2", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:opensuse:leap:15.1", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:fedoraproject:fedora:33"], "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"], "cwe": ["CWE-476"], "affectedSoftware": [{"cpeName": "samba:samba", "version": "4.12.9", "operator": "lt", "name": "samba"}, {"cpeName": "samba:samba", "version": "4.13.1", "operator": "lt", "name": "samba"}, {"cpeName": "samba:samba", "version": "4.11.15", "operator": "lt", "name": "samba"}, {"cpeName": "opensuse:leap", "version": "15.1", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "opensuse:leap", "version": "15.2", "operator": "eq", "name": "opensuse leap"}, {"cpeName": "fedoraproject:fedora", "version": "32", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "debian:debian_linux", "version": "9.0", "operator": "eq", "name": "debian debian linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.12.9:*:*:*:*:*:*:*", "versionStartIncluding": "4.12.0", "versionEndExcluding": "4.12.9", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.13.1:*:*:*:*:*:*:*", "versionStartIncluding": "4.13.0", "versionEndExcluding": "4.13.1", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.11.15:*:*:*:*:*:*:*", "versionStartIncluding": "3.6.0", "versionEndExcluding": "4.11.15", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891685", "refsource": "MISC", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://www.samba.org/samba/security/CVE-2020-14323.html", "name": "https://www.samba.org/samba/security/CVE-2020-14323.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html", "name": "openSUSE-SU-2020:1819", "refsource": "SUSE", "tags": ["Third Party Advisory"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html", "name": "openSUSE-SU-2020:1811", "refsource": "SUSE", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/", "name": "FEDORA-2020-c1e9ae02d2", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20201103-0001/", "name": "https://security.netapp.com/advisory/ntap-20201103-0001/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/", "name": "FEDORA-2020-2e1a1489be", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html", "name": "[debian-lts-announce] 20201123 [SECURITY] [DLA 2463-1] samba security update", "refsource": "MLIST", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202012-24", "name": "GLSA-202012-24", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Opensuse", "product": "Leap"}, {"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Samba", "product": "Samba"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-170", "description": "CWE-170", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"ubuntucve": [{"lastseen": "2023-08-09T17:28:23", "description": "A null pointer dereference flaw was found in samba's Winbind service in\nversions before 4.11.15, before 4.12.9 and before 4.13.1. A local user\ncould use this flaw to crash the winbind service causing denial of service.\n\n#### Bugs\n\n * <https://bugzilla.samba.org/show_bug.cgi?id=14436>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This is GHSL-2020-134\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-14323", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2020-10-29T00:00:00", "id": "UB:CVE-2020-14323", "href": "https://ubuntu.com/security/CVE-2020-14323", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "samba": [{"lastseen": "2023-06-06T15:49:06", "description": "## Description\n\nwinbind in version 3.6 and later implements a request to\ntranslate multiple Windows SIDs into names in one request. This\nwas done for performance reasons: Active Directory domain\ncontrollers can do multiple SID to name translations in one RPC\ncall. It was an obvious extension to also offer this batch\noperation on the winbind unix domain stream socket that is\navailable to local processes on the Samba server to reduce\nnetwork round-trips to the domain controller.\n\nDue to improper input validation a hand-crafted packet can make\nwinbind perform a NULL pointer dereference and thus crash.\n## Patch Availability\n\nPatches addressing both these issues have been posted to:\n\n https://www.samba.org/samba/security/\n\nAdditionally, Samba 4.11.15, 4.12.9 and 4.13.1 have been issued as\nsecurity releases to correct the defect. Samba administrators are\nadvised to upgrade to these releases or apply the patch as soon as\npossible.\n## CVSSv3 calculation\n\nCVSS 3.1: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (5.0)\n## Workaround and mitigating factors\n\nAny user with local shell access to the machine running winbind can\nissue the winbind socket request. The only workaround is to disable\nshell access to exposed machines.\n\nTypical file servers don't offer full local access, they are not\naffected.\n## Credits\n\nOriginally reported by Bas Alberts of the GitHub Security Lab Team as\nGHSL-2020-134.\n\nAdvisory written by Volker Lendecke of SerNet and the Samba Team.\n\nPatches provided by Volker Lendecke of SerNet and the Samba Team.\n\n== Our Code, Our Bugs, Our Responsibility.\n== The Samba Team", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-29T00:00:00", "type": "samba", "title": "Unprivileged user can crash winbind", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2020-10-29T00:00:00", "id": "SAMBA:CVE-2020-14323", "href": "https://www.samba.org/samba/security/CVE-2020-14323.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-06T15:01:28", "description": "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-29T20:15:00", "type": "debiancve", "title": "CVE-2020-14323", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2020-10-29T20:15:00", "id": "DEBIANCVE:CVE-2020-14323", "href": "https://security-tracker.debian.org/tracker/CVE-2020-14323", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:46", "description": "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-29T20:15:00", "type": "alpinelinux", "title": "CVE-2020-14323", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2022-09-01T16:34:00", "id": "ALPINE:CVE-2020-14323", "href": "https://security.alpinelinux.org/vuln/CVE-2020-14323", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-09-06T05:53:14", "description": "A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-29T11:29:25", "type": "redhatcve", "title": "CVE-2020-14323", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2023-08-31T16:00:42", "id": "RH:CVE-2020-14323", "href": "https://access.redhat.com/security/cve/cve-2020-14323", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-04-18T12:56:36", "description": "samba is vulnerable to denial of service. The vulnerability exists through a null pointer dereference flaw found in the Winbind service which allows an attacker to cause an application crash.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-09T05:13:27", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323"], "modified": "2022-09-01T18:15:33", "id": "VERACODE:27838", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27838/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2023-02-27T21:47:19", "description": "## Summary\n\nMultiple samba vulnerabilities affect IBM Spectrum Scale SMB protocol access method that could cause denial of service. A fix for these vulnerabilities is available.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14318](<https://vulners.com/cve/CVE-2020-14318>) \n** DESCRIPTION: **Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a missing permissions check on a directory handle requesting ChangeNotify. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain file name information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14323](<https://vulners.com/cve/CVE-2020-14323>) \n** DESCRIPTION: **Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190934](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190934>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Spectrum Scale| 5.0.0 - 5.0.5.4 \nIBM Spectrum Scale| 5.1.0 \n \n\n\n## Remediation/Fixes\n\nFor IBM Spectrum Scale V5.0.0 through V5.0.5.4, apply V5.0.5.5 available from FixCentral at \n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=5.0.5&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.5&platform=All&function=all>)\n\nFor IBM Spectrum Scale V5.1.0, apply V5.1.0.1 available from FixCentral at\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&amp;product=ibm/StorageSoftware/IBM+Spectrum+Scale&amp;release=5.1.0&amp;platform=All&amp;function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.1.0&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-25T05:03:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-01-25T05:03:53", "id": "C906AC8CE7A194509678C141B3CDFED95CB81C4B0E9FB6DCFF19E6D870557393", "href": "https://www.ibm.com/support/pages/node/6407802", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-27T21:49:00", "description": "## Summary\n\nSamba is supported on IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14323](<https://vulners.com/cve/CVE-2020-14323>) \n** DESCRIPTION: **Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190934](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190934>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14318](<https://vulners.com/cve/CVE-2020-14318>) \n** DESCRIPTION: **Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a missing permissions check on a directory handle requesting ChangeNotify. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain file name information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i| 7.4 \nIBM i| 7.3 \nIBM i| 7.2 \n \n \n\n\n## Remediation/Fixes\n\nThe issues can be resolved by applying a PTF to IBM i.\n\nReleases 7.4, 7.3, and 7.2 of IBM i are supported and will be fixed.\n\n \n\n\nThe IBM i PTF numbers are:\n\n**Release 7.4 \u2013 SI74697 \nRelease 7.3 \u2013 SI74696 \nRelease 7.2 \u2013 SI74695**\n\n<https://www-945.ibm.com/support/fixcentral/>\n\n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-11-11T20:50:06", "type": "ibm", "title": "Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2020-11-11T20:50:06", "id": "AF6F5E8D743541D0F8A71BA69942C43FFE6E6C6366A3E623C1F18832A402B700", "href": "https://www.ibm.com/support/pages/node/6366855", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-05-31T14:22:21", "description": "## Summary\n\nMultiple vulnerabilities have been identified within Spectrum Scale, a supporting product shipped as patternType or pType with Cloud Pak System. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nMain Product Version(s)| Affected Supporting Product Version(s) \n---|--- \nIBM Cloud Pak System v2.3| IBM Spectrum Scale 5.0.0 - 5.0.5.4 \n \n\n\n## Remediation/Fixes\n\n \n\n\n**CVE(s)**| **Main Product Version(s)**| **Affected Supporting product Version(s)**| **Security Bulletin / Remediation Fix** \n---|---|---|--- \n \nCVE-2020-14318 \n\n| IBM Cloud Pak System v.2.3.2-0 - v.2.3.3.3 \n| IBM Spectrum Scale 5.0.0 - 5.0.5.4 \n \n| \n\n[Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method](<https://www.ibm.com/support/pages/node/6407802> \"Multiple vulnerabilities in samba affect IBM Spectrum Scale SMB protocol access method\" )\n\nor \n\nUpgrade to IBM Cloud Pak System V2.3.3.4 target availability on 26th November 2021.\n\nInformation on upgrading : <http://www.ibm.com/support/docview.wss?uid=ibm10887959> \n \nCVE-2020-14323 \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-19T17:27:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities found in Spectrum Scale affect IBM Cloud Pak System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-05-19T17:27:44", "id": "91E290A437F7E6402D40BA6205529A874531B0D98AFE424303A198CEA9D0A12F", "href": "https://www.ibm.com/support/pages/node/6449318", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-06-06T17:55:48", "description": "## Summary\n\nIBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-20254](<https://vulners.com/cve/CVE-2021-20254>) \n** DESCRIPTION: **Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a coding error when converting SIDs to gids. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause incorrect group entries in the Samba file server process token, and allows unauthorized access to files \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201081>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2020-14323](<https://vulners.com/cve/CVE-2020-14323>) \n** DESCRIPTION: **Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190934](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190934>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14318](<https://vulners.com/cve/CVE-2020-14318>) \n** DESCRIPTION: **Samba could allow a remote authenticated attacker to obtain sensitive information, caused by a missing permissions check on a directory handle requesting ChangeNotify. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain file name information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191029](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191029>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nStorwize V7000 Unified| 1.6.0.0 - 1.6.2.9 \n \n\n\n## Remediation/Fixes\n\nA fix for this issue is in version 1.6.2.10 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.6.2.10 or a later version, so that the fix gets applied. \n \n[Latest Storwize V7000 Unified Software](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-10-14T16:55:46", "type": "ibm", "title": "Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2021-20254"], "modified": "2021-10-14T16:55:46", "id": "0D4E3D956FBA167DB2FBE7EE5345BF4C81DCA6F2A7F3B02200A7942FAEDB8BA4", "href": "https://www.ibm.com/support/pages/node/6500923", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2023-06-06T17:50:19", "description": "## Summary\n\nVulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner such as denial of service, elevation of privileges, buffer overflow, directory traversal, information disclosure, and bypassing of security restrictions , may affect IBM Spectrum Protect Plus. UPDATE 28 January 2022: CVE-2020-8492 for Python - complete fix in 10.1.9 or higher. UPDATE: 12 March 2022: CVE-2021-3156 for Sudo - complete fix in 10.1.10 or higher UPDATE: 05 May 2022: In the Remediation/Fixes section under \"Notes\", corrected the CVE number of the sudo vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-8492](<https://vulners.com/cve/CVE-2020-8492>) \n** DESCRIPTION: **Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175462](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175462>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14323](<https://vulners.com/cve/CVE-2020-14323>) \n** DESCRIPTION: **Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190934](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190934>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-15436](<https://vulners.com/cve/CVE-2020-15436>) \n** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in fs/block_dev.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, or cause a denial of service condition. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192171](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192171>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3156](<https://vulners.com/cve/CVE-2021-3156>) \n** DESCRIPTION: **Sudo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing command line arguments. By sending an \"sudoedit -s\" and a command-line argument that ends with a single backslash character, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges. This vulnerability is also known as Baron Samedit. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195658](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195658>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3139](<https://vulners.com/cve/CVE-2021-3139>) \n** DESCRIPTION: **Open-iSCSI tcmu-runner could allow a remote attacker to traverse directories on the system, caused by a flaw in the xcopy_locate_udev in tcmur_cmd_handler.c. An attacker could send a specially-crafted XCOPY request to read or write arbitrary files on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194936](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194936>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-35513](<https://vulners.com/cve/CVE-2020-35513>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw with incorrectly umask during file or directory modification in the NFS (network file system) function. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195545](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195545>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35508](<https://vulners.com/cve/CVE-2020-35508>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions, caused by a race condition and incorrect initialization in the handling of child/parent process identification. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass checks to send any signal to a privileged process. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198870](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198870>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** Third Party Entry: **189303 \n** DESCRIPTION: **Linux Kernel romfs information disclosure \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/189303 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Plus| 10.1.0-10.1.7 \n \n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Plus Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n10.1| 10.1.8 **see Notes**| Linux| \n\n<https://www.ibm.com/support/pages/node/6415111> \n \n** \nNotes: \n**===== \n**CVE-2020-8492 - Python** \nThe 10.1.8 fix was incomplete. Complete fix is in 10.1.9 or higher. Link to 10.1.9: <https://www.ibm.com/support/pages/node/6487159> \n**CVE-2021-3156 - Sudo ** \nThe 10.1.8 fix was incomplete. Complete fix is in 10.1.10 or higher. Link to 10.1.10: <https://www.ibm.com/support/pages/node/6552532>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-06T02:35:57", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14323", "CVE-2020-15436", "CVE-2020-35508", "CVE-2020-35513", "CVE-2020-8492", "CVE-2021-3139", "CVE-2021-3156"], "modified": "2022-05-06T02:35:57", "id": "0AC735C19116A7FB66D9921F93B7D9FF1E6BB4F1F2A9AF8B4AA371BC3E7211BE", "href": "https://www.ibm.com/support/pages/node/6445699", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:29:36", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14525-1 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : samba (SUSE-SU-2020:14525-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-06-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ldapsmb", "p-cpe:/a:novell:suse_linux:libldb1", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-32bit", "p-cpe:/a:novell:suse_linux:libtalloc2", "p-cpe:/a:novell:suse_linux:libtalloc2-32bit", "p-cpe:/a:novell:suse_linux:libtdb1", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:libtevent0", "p-cpe:/a:novell:suse_linux:libtevent0-32bit", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-32bit", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-32bit", "p-cpe:/a:novell:suse_linux:samba-doc", "p-cpe:/a:novell:suse_linux:samba-krb-printing", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit"], "id": "SUSE_SU-2020-14525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150674", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14525-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150674);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14525-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : samba (SUSE-SU-2020:14525-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14525-1 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173994\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-October/007678.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0807f57c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldapsmb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-krb-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'ldapsmb-1.34b-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libldb1-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libsmbclient0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libsmbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libsmbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtalloc2-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtalloc2-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtalloc2-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtdb1-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtdb1-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtdb1-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtevent0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtevent0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libtevent0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libwbclient0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libwbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'libwbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-client-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-client-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-client-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-doc-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-krb-printing-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-winbind-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-winbind-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'samba-winbind-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'ldapsmb-1.34b-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libldb1-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libsmbclient0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libsmbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libsmbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtalloc2-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtalloc2-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtalloc2-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtdb1-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtdb1-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtdb1-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtevent0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtevent0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libtevent0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libwbclient0-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libwbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'libwbclient0-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-client-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-client-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-client-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-doc-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-krb-printing-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-winbind-3.6.3-94.31', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-winbind-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'samba-winbind-32bit-3.6.3-94.31', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ldapsmb / libldb1 / libsmbclient0 / libsmbclient0-32bit / libtalloc2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:57", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don&#39t allow &quotr&quot (read) access for the connected user, then the handle open request will be denied.&quot(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2491)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2491.NASL", "href": "https://www.tenable.com/plugins/nessus/143416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143416);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2491)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - As Samba internally opens an underlying file system\n handle on a directory when a client requests an open,\n even for FILE_READ_ATTRIBUTES then if the underlying\n file system permissions don&#39t allow &quotr&quot\n (read) access for the connected user, then the handle\n open request will be denied.&quot(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2491\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?566c785c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h9.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h9.eulerosv2r9\",\n \"samba-4.11.6-6.h9.eulerosv2r9\",\n \"samba-client-4.11.6-6.h9.eulerosv2r9\",\n \"samba-common-4.11.6-6.h9.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h9.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h9.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:34", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : samba (EulerOS-SA-2021-1229)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-python", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1229.NASL", "href": "https://www.tenable.com/plugins/nessus/146109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146109);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : samba (EulerOS-SA-2021-1229)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the way samba handled file and\n directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory\n information which otherwise would be unavailable to the\n attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1229\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7046efe6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.7.1-9.h22.eulerosv2r7\",\n \"libwbclient-4.7.1-9.h22.eulerosv2r7\",\n \"samba-4.7.1-9.h22.eulerosv2r7\",\n \"samba-client-4.7.1-9.h22.eulerosv2r7\",\n \"samba-client-libs-4.7.1-9.h22.eulerosv2r7\",\n \"samba-common-4.7.1-9.h22.eulerosv2r7\",\n \"samba-common-libs-4.7.1-9.h22.eulerosv2r7\",\n \"samba-common-tools-4.7.1-9.h22.eulerosv2r7\",\n \"samba-libs-4.7.1-9.h22.eulerosv2r7\",\n \"samba-python-4.7.1-9.h22.eulerosv2r7\",\n \"samba-winbind-4.7.1-9.h22.eulerosv2r7\",\n \"samba-winbind-clients-4.7.1-9.h22.eulerosv2r7\",\n \"samba-winbind-modules-4.7.1-9.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:39", "description": "This update for samba fixes the following issues :\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:3083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3083-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143766", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3083-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143766);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:3083-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203083-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25a2497b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3083=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3083=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3083=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3083=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2020-3083=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libndr0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libsmbldap0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-client-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-debugsource-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-libs-debuginfo-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-32bit-4.4.2-38.39.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.4.2-38.39.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:50", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don&#39t allow &quotr&quot (read) access for the connected user, then the handle open request will be denied.&quot(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2504)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2504.NASL", "href": "https://www.tenable.com/plugins/nessus/143414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143414);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2504)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - As Samba internally opens an underlying file system\n handle on a directory when a client requests an open,\n even for FILE_READ_ATTRIBUTES then if the underlying\n file system permissions don&#39t allow &quotr&quot\n (read) access for the connected user, then the handle\n open request will be denied.&quot(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2504\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d99655b1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.11.6-6.h9.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h9.eulerosv2r9\",\n \"samba-4.11.6-6.h9.eulerosv2r9\",\n \"samba-client-4.11.6-6.h9.eulerosv2r9\",\n \"samba-common-4.11.6-6.h9.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h9.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h9.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h9.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:24:57", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2022-0058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:ctdb", "p-cpe:/a:zte:cgsl_main:ctdb-debuginfo", "p-cpe:/a:zte:cgsl_main:ctdb-tests", "p-cpe:/a:zte:cgsl_main:ctdb-tests-debuginfo", "p-cpe:/a:zte:cgsl_main:libsmbclient", "p-cpe:/a:zte:cgsl_main:libsmbclient-debuginfo", "p-cpe:/a:zte:cgsl_main:libsmbclient-devel", "p-cpe:/a:zte:cgsl_main:libwbclient", "p-cpe:/a:zte:cgsl_main:libwbclient-debuginfo", "p-cpe:/a:zte:cgsl_main:libwbclient-devel", "p-cpe:/a:zte:cgsl_main:python3-samba", "p-cpe:/a:zte:cgsl_main:python3-samba-debuginfo", "p-cpe:/a:zte:cgsl_main:python3-samba-devel", "p-cpe:/a:zte:cgsl_main:python3-samba-test", "p-cpe:/a:zte:cgsl_main:samba", "p-cpe:/a:zte:cgsl_main:samba-client", "p-cpe:/a:zte:cgsl_main:samba-client-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-client-libs", "p-cpe:/a:zte:cgsl_main:samba-client-libs-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-common", "p-cpe:/a:zte:cgsl_main:samba-common-libs", "p-cpe:/a:zte:cgsl_main:samba-common-libs-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-common-tools", "p-cpe:/a:zte:cgsl_main:samba-common-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-debugsource", "p-cpe:/a:zte:cgsl_main:samba-devel", "p-cpe:/a:zte:cgsl_main:samba-krb5-printing", "p-cpe:/a:zte:cgsl_main:samba-krb5-printing-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-libs", "p-cpe:/a:zte:cgsl_main:samba-libs-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-pidl", "p-cpe:/a:zte:cgsl_main:samba-test", "p-cpe:/a:zte:cgsl_main:samba-test-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-test-libs", "p-cpe:/a:zte:cgsl_main:samba-test-libs-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-vfs-glusterfs", "p-cpe:/a:zte:cgsl_main:samba-vfs-glusterfs-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-winbind", "p-cpe:/a:zte:cgsl_main:samba-winbind-clients", "p-cpe:/a:zte:cgsl_main:samba-winbind-clients-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-winbind-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-winbind-krb5-locator", "p-cpe:/a:zte:cgsl_main:samba-winbind-krb5-locator-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-winbind-modules", "p-cpe:/a:zte:cgsl_main:samba-winbind-modules-debuginfo", "p-cpe:/a:zte:cgsl_main:samba-winexe", "p-cpe:/a:zte:cgsl_main:samba-winexe-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0058_SAMBA.NASL", "href": "https://www.tenable.com/plugins/nessus/160772", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0058. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160772);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2022-0058)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple\nvulnerabilities:\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0058\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-1472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL samba packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libsmbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libwbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-client-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-common-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-common-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-krb5-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-test-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-vfs-glusterfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-krb5-locator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winbind-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winexe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:samba-winexe-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'ctdb-4.13.3-3.el8',\n 'ctdb-debuginfo-4.13.3-3.el8',\n 'ctdb-tests-4.13.3-3.el8',\n 'ctdb-tests-debuginfo-4.13.3-3.el8',\n 'libsmbclient-4.13.3-3.el8',\n 'libsmbclient-debuginfo-4.13.3-3.el8',\n 'libsmbclient-devel-4.13.3-3.el8',\n 'libwbclient-4.13.3-3.el8',\n 'libwbclient-debuginfo-4.13.3-3.el8',\n 'libwbclient-devel-4.13.3-3.el8',\n 'python3-samba-4.13.3-3.el8',\n 'python3-samba-debuginfo-4.13.3-3.el8',\n 'python3-samba-devel-4.13.3-3.el8',\n 'python3-samba-test-4.13.3-3.el8',\n 'samba-4.13.3-3.el8',\n 'samba-client-4.13.3-3.el8',\n 'samba-client-debuginfo-4.13.3-3.el8',\n 'samba-client-libs-4.13.3-3.el8',\n 'samba-client-libs-debuginfo-4.13.3-3.el8',\n 'samba-common-4.13.3-3.el8',\n 'samba-common-libs-4.13.3-3.el8',\n 'samba-common-libs-debuginfo-4.13.3-3.el8',\n 'samba-common-tools-4.13.3-3.el8',\n 'samba-common-tools-debuginfo-4.13.3-3.el8',\n 'samba-debuginfo-4.13.3-3.el8',\n 'samba-debugsource-4.13.3-3.el8',\n 'samba-devel-4.13.3-3.el8',\n 'samba-krb5-printing-4.13.3-3.el8',\n 'samba-krb5-printing-debuginfo-4.13.3-3.el8',\n 'samba-libs-4.13.3-3.el8',\n 'samba-libs-debuginfo-4.13.3-3.el8',\n 'samba-pidl-4.13.3-3.el8',\n 'samba-test-4.13.3-3.el8',\n 'samba-test-debuginfo-4.13.3-3.el8',\n 'samba-test-libs-4.13.3-3.el8',\n 'samba-test-libs-debuginfo-4.13.3-3.el8',\n 'samba-vfs-glusterfs-4.13.3-3.el8',\n 'samba-vfs-glusterfs-debuginfo-4.13.3-3.el8',\n 'samba-winbind-4.13.3-3.el8',\n 'samba-winbind-clients-4.13.3-3.el8',\n 'samba-winbind-clients-debuginfo-4.13.3-3.el8',\n 'samba-winbind-debuginfo-4.13.3-3.el8',\n 'samba-winbind-krb5-locator-4.13.3-3.el8',\n 'samba-winbind-krb5-locator-debuginfo-4.13.3-3.el8',\n 'samba-winbind-modules-4.13.3-3.el8',\n 'samba-winbind-modules-debuginfo-4.13.3-3.el8',\n 'samba-winexe-4.13.3-3.el8',\n 'samba-winexe-debuginfo-4.13.3-3.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'samba');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:13", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2020:5439-1 advisory.\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2020:5439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:libwbclient", "p-cpe:/a:fermilab:scientific_linux:libwbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-client-libs", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-common-libs", "p-cpe:/a:fermilab:scientific_linux:samba-common-tools", "p-cpe:/a:fermilab:scientific_linux:samba-dc", "p-cpe:/a:fermilab:scientific_linux:samba-dc-libs", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba-devel", "p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing", "p-cpe:/a:fermilab:scientific_linux:samba-libs", "p-cpe:/a:fermilab:scientific_linux:samba-pidl", "p-cpe:/a:fermilab:scientific_linux:samba-python", "p-cpe:/a:fermilab:scientific_linux:samba-python-test", "p-cpe:/a:fermilab:scientific_linux:samba-test", "p-cpe:/a:fermilab:scientific_linux:samba-test-libs", "p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs", "p-cpe:/a:fermilab:scientific_linux:samba-winbind", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules"], "id": "SL_20201215_SAMBA_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/144296", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144296);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"RHSA\", value:\"RHSA-2020:5439\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2020:5439)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2020:5439-1 advisory.\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20205439-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-common-4.10.16-9.el7_9', 'release':'SL7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-debuginfo-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-debuginfo-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-pidl-4.10.16-9.el7_9', 'release':'SL7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-vfs-glusterfs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'cpu':'i686', 'release':'SL7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'SL7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:26:13", "description": "This update for samba fixes the following issues :\n\n - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\n - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\n - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-11-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy-python-devel", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0"], "id": "OPENSUSE-2020-1811.NASL", "href": "https://www.tenable.com/plugins/nessus/142540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1811.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142540);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1811)\");\n script_summary(english:\"Check for the openSUSE-2020-1811 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\n - CVE-2020-14383: An authenticated user can crash the\n DCE/RPC DNS with easily crafted records (bsc#1177613).\n\n - CVE-2020-14323: Unprivileged user can crash winbind\n (bsc#1173994).\n\n - CVE-2020-14318: Missing permissions check in SMB1/2/3\n ChangeNotify (bsc#1173902).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-pcp-pmda-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ctdb-tests-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libndr0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libnetapi0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsamdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libwbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-client-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-core-devel-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-debugsource-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-pidl-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-test-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"samba-winbind-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-lp151.2.36.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:14", "description": "This update for samba fixes the following issues :\n\nUpdate to samba 4.11.14\n\n - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\n - CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\n - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\n - lib/util: Do not install /usr/bin/test_util\n\n - smbd: don't log success as error\n\n - idmap_ad does not deal properly with a RFC4511 section 4.4.1 response;\n\n - winbind: Fix a memleak\n\n - idmap_ad: Pass tldap debug messages on to DEBUG()\n\n - lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE\n\n - ctdb disable/enable can fail due to race condition\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : samba (openSUSE-2020-1819)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:opensuse:samba-python3-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1819.NASL", "href": "https://www.tenable.com/plugins/nessus/142324", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1819.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142324);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2020-1819)\");\n script_summary(english:\"Check for the openSUSE-2020-1819 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nUpdate to samba 4.11.14\n\n - CVE-2020-14383: An authenticated user can crash the\n DCE/RPC DNS with easily crafted records (bsc#1177613).\n\n - CVE-2020-14323: Unprivileged user can crash winbind\n (bsc#1173994).\n\n - CVE-2020-14318: Missing permissions check in SMB1/2/3\n ChangeNotify (bsc#1173902).\n\n - lib/util: Do not install /usr/bin/test_util\n\n - smbd: don't log success as error\n\n - idmap_ad does not deal properly with a RFC4511 section\n 4.4.1 response;\n\n - winbind: Fix a memleak\n\n - idmap_ad: Pass tldap debug messages on to DEBUG()\n\n - lib/replace: Move lib/replace/closefrom.c from\n ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE\n\n - ctdb disable/enable can fail due to race condition\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-pcp-pmda-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ctdb-tests-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-binding0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc-samr0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libdcerpc0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-krb5pac0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-nbt0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr-standard0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libndr0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libnetapi0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-credentials0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-errors0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-passdb0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy-python3-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamba-util0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsamdb0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbclient0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbconf0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libsmbldap2-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libtevent-util0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"libwbclient0-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-ad-dc-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-client-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-core-devel-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-debugsource-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-dsdb-modules-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-libs-python3-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-python3-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-test-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"samba-winbind-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi-devel-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-python3-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ad-dc-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-libs-python3-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.14+git.202.344b137b75d-lp152.3.16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / ctdb-pcp-pmda / ctdb-pcp-pmda-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "The version of Samba running on the remote host is 3.6.x prior to 4.11.15, 4.12.x prior to 4.12.9, or 4.13.x prior to 4.13.1. It is, therefore, potentially affected by multiple vulnerabilities, including the following:\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the Winbind service causing denial of service. (CVE-2020-14323)\n\n - A missing permissions check on a directory handle can leak file name information to unprivileged accounts.\n (CVE-2020-14318)\n\n - An error in Samba's dnsserver RPC pipe when no data is present in the DNS records additional section. An authenticated, non-admin user can exploit this to crash the DNS server by adding invalid records.\n (CVE-2020-14383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "Samba 3.6.x < 4.11.15 / 4.12.x < 4.12.9 / 4.13.x < 4.13.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_4_13_1.NASL", "href": "https://www.tenable.com/plugins/nessus/142419", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142419);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n\n script_name(english:\"Samba 3.6.x < 4.11.15 / 4.12.x < 4.12.9 / 4.13.x < 4.13.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is potentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is 3.6.x prior to 4.11.15, 4.12.x prior to 4.12.9, or 4.13.x prior to\n4.13.1. It is, therefore, potentially affected by multiple vulnerabilities, including the following:\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the Winbind service causing denial of\n service. (CVE-2020-14323)\n\n - A missing permissions check on a directory handle can leak file name information to unprivileged accounts.\n (CVE-2020-14318)\n\n - An error in Samba's dnsserver RPC pipe when no data is present in the DNS records additional section. An\n authenticated, non-admin user can exploit this to crash the DNS server by adding invalid records.\n (CVE-2020-14383)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-14383.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-14323.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-14318.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.11.15 / 4.12.9 / 4.13.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = vcf::samba::get_app_info();\nvcf::check_granularity(app_info:app, sig_segments:3);\n\nconstraints = [\n {'min_version':'3.6.0', 'fixed_version':'4.11.15'},\n {'min_version':'4.12.0', 'fixed_version':'4.12.9'},\n {'min_version':'4.13.0', 'fixed_version':'4.13.1'}\n];\n\nvcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_WARNING, strict:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:41", "description": "This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:3082-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3082-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143847", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3082-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143847);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:3082-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203082-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?850bfde7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3082=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3082=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3082=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc-binding0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libdcerpc0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-krb5pac0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-nbt0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr-standard0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libndr0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libnetapi0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-credentials0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-errors0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-hostconfig0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-passdb0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamba-util0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsamdb0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbclient0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbconf0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libsmbldap2-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libtevent-util0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libwbclient0-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-client-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-debugsource-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-libs-python3-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-32bit-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"samba-winbind-debuginfo-4.10.18+git.219.1d732314d96-3.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:26", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.(CVE-2020-14383)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\n - Missing handle permissions check in SMB1/2/3 ChangeNotify(CVE-2020-14318)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : samba (EulerOS-SA-2021-1423)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/147458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147458);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\",\n \"CVE-2020-14383\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : samba (EulerOS-SA-2021-1423)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in samba's DNS server. An\n authenticated user could use this flaw to the RPC\n server to crash. This RPC server, which also serves\n protocols other than dnsserver, will be restarted after\n a short delay, but it is easy for an authenticated non\n administrative attacker to crash it again as soon as it\n returns. The Samba DNS server itself will continue to\n operate, but many RPC services will\n not.(CVE-2020-14383)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\n - Missing handle permissions check in SMB1/2/3\n ChangeNotify(CVE-2020-14318)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1423\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf8adcea\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"samba-client-libs-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-libs-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-tools-4.7.1-9.h23.eulerosv2r7\",\n \"samba-libs-4.7.1-9.h23.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T10:34:32", "description": "The version of samba installed on the remote host is prior to 4.10.16-13. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1649 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-04T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : samba (ALAS-2021-1649)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-vfs-glusterfs", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-modules", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-tests", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-dc", "p-cpe:/a:amazon:linux:samba-dc-libs", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-python", "p-cpe:/a:amazon:linux:samba-python-test", "p-cpe:/a:amazon:linux:samba-test"], "id": "AL2_ALAS-2021-1649.NASL", "href": "https://www.tenable.com/plugins/nessus/169521", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1649.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169521);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Amazon Linux 2 : samba (ALAS-2021-1649)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.10.16-13. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1649 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1649.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ctdb-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-13.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-13.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-glusterfs-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-13.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-13.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-13.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-tests / libsmbclient / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:36:30", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:5439 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "CentOS 7 : samba (CESA-2020:5439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ctdb", "p-cpe:/a:centos:centos:ctdb-tests", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:libwbclient", "p-cpe:/a:centos:centos:libwbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-client-libs", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-common-libs", "p-cpe:/a:centos:centos:samba-common-tools", "p-cpe:/a:centos:centos:samba-dc", "p-cpe:/a:centos:centos:samba-dc-libs", "p-cpe:/a:centos:centos:samba-devel", "p-cpe:/a:centos:centos:samba-krb5-printing", "p-cpe:/a:centos:centos:samba-libs", "p-cpe:/a:centos:centos:samba-pidl", "p-cpe:/a:centos:centos:samba-python", "p-cpe:/a:centos:centos:samba-python-test", "p-cpe:/a:centos:centos:samba-test", "p-cpe:/a:centos:centos:samba-test-libs", "p-cpe:/a:centos:centos:samba-vfs-glusterfs", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba-winbind-modules", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-5439.NASL", "href": "https://www.tenable.com/plugins/nessus/144973", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5439 and\n# CentOS Errata and Security Advisory 2020:5439 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144973);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"RHSA\", value:\"2020:5439\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"CentOS 7 : samba (CESA-2020:5439)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:5439 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-December/048217.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d69dc2e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/170.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/266.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/287.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(170, 266, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'ctdb-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-client-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-common-4.10.16-9.el7_9', 'sp':'9', 'release':'CentOS-7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-pidl-4.10.16-9.el7_9', 'sp':'9', 'release':'CentOS-7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-test-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-vfs-glusterfs-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:17", "description": "This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3092-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:samba-libs-python", "p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:samba-python-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3092-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143797", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3092-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143797);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3092-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203092-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?664b39f1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3092=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3092=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-3092=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2020-3092=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-binding0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc-samr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdcerpc0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-krb5pac0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-nbt0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr-standard0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libndr0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libnetapi0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-credentials0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-errors0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-hostconfig0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-passdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy-python3-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-policy0-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamba-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsamdb0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbconf0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libsmbldap2-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libtevent-util0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libwbclient0-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-ad-dc-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-client-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-core-devel-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-debugsource-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-dsdb-modules-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-libs-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-python3-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"samba-winbind-debuginfo-4.9.5+git.383.7b7f8f14df8-3.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5439 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-18T00:00:00", "type": "nessus", "title": "RHEL 7 : samba (RHSA-2020:5439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-python-test", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2020-5439.NASL", "href": "https://www.tenable.com/plugins/nessus/144423", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5439. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144423);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"RHSA\", value:\"2020:5439\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"RHEL 7 : samba (RHSA-2020:5439)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5439 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1892631\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(170, 266, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-glusterfs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:40", "description": "This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : samba (SUSE-SU-2020:3087-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0"], "id": "SUSE_SU-2020-3087-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3087-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143822);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"SUSE SLES15 Security Update : samba (SUSE-SU-2020:3087-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203087-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63880c1a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3087=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3087=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3087=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3087=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2020-3087=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-binding0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc-samr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libdcerpc0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-krb5pac0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-nbt0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr-standard0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libndr0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libnetapi0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-credentials0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-errors0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-hostconfig0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-passdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-policy0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamba-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsamdb0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbconf0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libsmbldap2-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libtevent-util0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libwbclient0-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-client-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-core-devel-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-debugsource-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-libs-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"samba-winbind-debuginfo-4.7.11+git.280.25dfd9a947d-4.51.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:42:03", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1647 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "CentOS 8 : samba (CESA-2021:1647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:ctdb", "p-cpe:/a:centos:centos:ctdb-tests", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:libwbclient", "p-cpe:/a:centos:centos:libwbclient-devel", "p-cpe:/a:centos:centos:openchange", "p-cpe:/a:centos:centos:python3-samba", "p-cpe:/a:centos:centos:python3-samba-test", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-client-libs", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-common-libs", "p-cpe:/a:centos:centos:samba-common-tools", "p-cpe:/a:centos:centos:samba-devel", "p-cpe:/a:centos:centos:samba-krb5-printing", "p-cpe:/a:centos:centos:samba-libs", "p-cpe:/a:centos:centos:samba-pidl", "p-cpe:/a:centos:centos:samba-test", "p-cpe:/a:centos:centos:samba-test-libs", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba-winbind-modules", "p-cpe:/a:centos:centos:samba-winexe"], "id": "CENTOS8_RHSA-2021-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/149752", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:1647. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149752);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"RHSA\", value:\"2021:1647\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"CentOS 8 : samba (CESA-2021:1647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1647 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1647\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winexe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'ctdb-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:58", "description": "Update to Samba 4.13.1 - Security fixes for CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "Fedora 33 : 2:samba (2020-c1e9ae02d2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:samba", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-C1E9AE02D2.NASL", "href": "https://www.tenable.com/plugins/nessus/142351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-c1e9ae02d2.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142351);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n script_xref(name:\"FEDORA\", value:\"2020-c1e9ae02d2\");\n\n script_name(english:\"Fedora 33 : 2:samba (2020-c1e9ae02d2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Samba 4.13.1 - Security fixes for CVE-2020-14318,\nCVE-2020-14323 and CVE-2020-14383\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-c1e9ae02d2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"samba-4.13.1-0.fc33\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:03", "description": "Update to Samba 4.12.10\n\n----\n\nUpdate to Samba 4.12.9 - Security fixes for CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-11-10T00:00:00", "type": "nessus", "title": "Fedora 32 : 2:samba (2020-2e1a1489be)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:2:samba", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-2E1A1489BE.NASL", "href": "https://www.tenable.com/plugins/nessus/142668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-2e1a1489be.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142668);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n script_xref(name:\"FEDORA\", value:\"2020-2e1a1489be\");\n\n script_name(english:\"Fedora 32 : 2:samba (2020-2e1a1489be)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Samba 4.12.10\n\n----\n\nUpdate to Samba 4.12.9 - Security fixes for CVE-2020-14318,\nCVE-2020-14323 and CVE-2020-14383\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-2e1a1489be\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 2:samba package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:2:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"samba-4.12.10-0.fc32\", epoch:\"2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"2:samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:12:34", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323,CVE-2020-14318)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1050.NASL", "href": "https://www.tenable.com/plugins/nessus/144739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144739);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-1472\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1050)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323,CVE-2020-14318)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1050\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?230f9758\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"samba-client-libs-4.7.1-9.h22\",\n \"samba-common-4.7.1-9.h22\",\n \"samba-common-libs-4.7.1-9.h22\",\n \"samba-common-tools-4.7.1-9.h22\",\n \"samba-libs-4.7.1-9.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:35", "description": "This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2020:3093-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-3093-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3093-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143684);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2020:3093-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203093-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4011b1a6\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3093=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3093=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3093=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3093=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3093=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3093=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3093=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3093=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3093=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2020-3093=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2020-3093=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3093=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3093=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-debugsource-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debugsource-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-32bit-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-4.6.16+git.248.c833312e640-3.58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:41:45", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1647 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2021:1647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:openchange", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:samba-winexe"], "id": "REDHAT-RHSA-2021-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/149679", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1647. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149679);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"RHSA\", value:\"2021:1647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2021:1647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1647 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1892631\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(170, 266, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winexe\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:42:29", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1647 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : samba (ELSA-2021-1647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:ctdb", "p-cpe:/a:oracle:linux:ctdb-tests", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:libwbclient", "p-cpe:/a:oracle:linux:libwbclient-devel", "p-cpe:/a:oracle:linux:openchange", "p-cpe:/a:oracle:linux:python3-samba", "p-cpe:/a:oracle:linux:python3-samba-test", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-client-libs", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-common-libs", "p-cpe:/a:oracle:linux:samba-common-tools", "p-cpe:/a:oracle:linux:samba-devel", "p-cpe:/a:oracle:linux:samba-krb5-printing", "p-cpe:/a:oracle:linux:samba-libs", "p-cpe:/a:oracle:linux:samba-pidl", "p-cpe:/a:oracle:linux:samba-test", "p-cpe:/a:oracle:linux:samba-test-libs", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-winbind-modules", "p-cpe:/a:oracle:linux:samba-winexe"], "id": "ORACLELINUX_ELSA-2021-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/149965", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1647.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149965);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Oracle Linux 8 : samba (ELSA-2021-1647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1647 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1647.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winexe\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'ctdb-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.0.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.0.1.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.0.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:36:29", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1585 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ctdb (ALAS-2021-1585)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-tests", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-dc", "p-cpe:/a:amazon:linux:samba-dc-libs", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-python", "p-cpe:/a:amazon:linux:samba-python-test", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-vfs-glusterfs", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-modules", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1585.NASL", "href": "https://www.tenable.com/plugins/nessus/144800", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1585.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144800);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"ALAS\", value:\"2021-1585\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Amazon Linux 2 : ctdb (ALAS-2021-1585)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2021-1585 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1585.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ctdb-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ctdb-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ctdb-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'ctdb-tests-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'ctdb-tests-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'ctdb-tests-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libsmbclient-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libsmbclient-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libsmbclient-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libsmbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libsmbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libsmbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libwbclient-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libwbclient-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libwbclient-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'libwbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'libwbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'libwbclient-devel-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-client-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-client-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-client-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-client-libs-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-client-libs-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-client-libs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-common-4.10.16-9.amzn2.0.1', 'release':'AL2'},\n {'reference':'samba-common-libs-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-common-libs-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-common-libs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-common-tools-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-common-tools-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-common-tools-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-dc-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-dc-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-dc-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-dc-libs-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-dc-libs-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-dc-libs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-debuginfo-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-debuginfo-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-debuginfo-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-devel-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-devel-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-devel-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-krb5-printing-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-krb5-printing-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-krb5-printing-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-libs-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-libs-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-libs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-pidl-4.10.16-9.amzn2.0.1', 'release':'AL2'},\n {'reference':'samba-python-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-python-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-python-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-python-test-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-python-test-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-python-test-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-test-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-test-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-test-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-test-libs-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-test-libs-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-test-libs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-vfs-glusterfs-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-winbind-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-winbind-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-winbind-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-winbind-clients-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-winbind-clients-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-winbind-clients-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'samba-winbind-modules-4.10.16-9.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'samba-winbind-modules-4.10.16-9.amzn2.0.1', 'cpu':'i686', 'release':'AL2'},\n {'reference':'samba-winbind-modules-4.10.16-9.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-tests / libsmbclient / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:21:50", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1647 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : samba (ALSA-2021:1647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:alma:linux:ctdb", "p-cpe:/a:alma:linux:ctdb-tests", "p-cpe:/a:alma:linux:libsmbclient", "p-cpe:/a:alma:linux:libsmbclient-devel", "p-cpe:/a:alma:linux:libwbclient", "p-cpe:/a:alma:linux:libwbclient-devel", "p-cpe:/a:alma:linux:openchange", "p-cpe:/a:alma:linux:python3-samba", "p-cpe:/a:alma:linux:python3-samba-test", "p-cpe:/a:alma:linux:samba", "p-cpe:/a:alma:linux:samba-client", "p-cpe:/a:alma:linux:samba-client-libs", "p-cpe:/a:alma:linux:samba-common", "p-cpe:/a:alma:linux:samba-common-libs", "p-cpe:/a:alma:linux:samba-common-tools", "p-cpe:/a:alma:linux:samba-devel", "p-cpe:/a:alma:linux:samba-krb5-printing", "p-cpe:/a:alma:linux:samba-libs", "p-cpe:/a:alma:linux:samba-pidl", "p-cpe:/a:alma:linux:samba-test", "p-cpe:/a:alma:linux:samba-test-libs", "p-cpe:/a:alma:linux:samba-winbind", "p-cpe:/a:alma:linux:samba-winbind-clients", "p-cpe:/a:alma:linux:samba-winbind-krb5-locator", "p-cpe:/a:alma:linux:samba-winbind-modules", "p-cpe:/a:alma:linux:samba-winexe", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/157490", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1647.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157490);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"ALSA\", value:\"2021:1647\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"AlmaLinux 8 : samba (ALSA-2021:1647)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1647 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1647.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openchange\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winexe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openchange-2.3-27.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-3.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4611-1 advisory.\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Samba vulnerabilities (USN-4611-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:python3-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-4611-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142218", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4611-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142218);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n script_xref(name:\"USN\", value:\"4611-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Samba vulnerabilities (USN-4611-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4611-1 advisory.\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4611-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'ctdb', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'python-samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-common', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'smbclient', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '16.04', 'pkgname': 'winbind', 'pkgver': '2:4.3.11+dfsg-0ubuntu0.16.04.32'},\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.21'},\n {'osver': '20.04', 'pkgname': 'ctdb', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-common', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'smbclient', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.04', 'pkgname': 'winbind', 'pkgver': '2:4.11.6+dfsg-0ubuntu1.6'},\n {'osver': '20.10', 'pkgname': 'ctdb', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libsmbclient', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'libwbclient0', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'python3-samba', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'registry-tools', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-common', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-dev', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-libs', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'smbclient', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'},\n {'osver': '20.10', 'pkgname': 'winbind', 'pkgver': '2:4.12.5+dfsg-3ubuntu4.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:28:23", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5439 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : samba (ELSA-2020-5439)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:ctdb", "p-cpe:/a:oracle:linux:ctdb-tests", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:libwbclient", "p-cpe:/a:oracle:linux:libwbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-client-libs", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-common-libs", "p-cpe:/a:oracle:linux:samba-common-tools", "p-cpe:/a:oracle:linux:samba-dc", "p-cpe:/a:oracle:linux:samba-dc-libs", "p-cpe:/a:oracle:linux:samba-devel", "p-cpe:/a:oracle:linux:samba-krb5-printing", "p-cpe:/a:oracle:linux:samba-libs", "p-cpe:/a:oracle:linux:samba-pidl", "p-cpe:/a:oracle:linux:samba-python", "p-cpe:/a:oracle:linux:samba-python-test", "p-cpe:/a:oracle:linux:samba-test", "p-cpe:/a:oracle:linux:samba-test-libs", "p-cpe:/a:oracle:linux:samba-vfs-glusterfs", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-winbind-modules"], "id": "ORACLELINUX_ELSA-2020-5439.NASL", "href": "https://www.tenable.com/plugins/nessus/144332", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5439.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144332);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Oracle Linux 7 : samba (ELSA-2020-5439)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5439 advisory.\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5439.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-modules\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'ctdb-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'ctdb-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'ctdb-tests-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'libsmbclient-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'libsmbclient-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'libwbclient-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'libwbclient-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-client-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-client-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-common-4.10.16-9.el7_9', 'release':'7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-common-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-common-tools-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-dc-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-dc-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-devel-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-krb5-printing-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-pidl-4.10.16-9.el7_9', 'release':'7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-python-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-python-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-test-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-test-libs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-vfs-glusterfs-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-winbind-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-winbind-clients-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'cpu':'aarch64', 'release':'7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'cpu':'i686', 'release':'7'},\n {'reference':'samba-winbind-modules-4.10.16-9.el7_9', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:31", "description": "This update for samba fixes the following issues :\n\nUpdate to samba 4.11.14\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902).\n\nlib/util: Do not install /usr/bin/test_util\n\nsmbd: don't log success as error\n\nidmap_ad does not deal properly with a RFC4511 section 4.4.1 response;\n\nwinbind: Fix a memleak\n\nidmap_ad: Pass tldap debug messages on to DEBUG()\n\nlib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE\n\nctdb disable/enable can fail due to race condition\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-ceph", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-ceph-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-python3-debuginfo"], "id": "SUSE_SU-2020-3081-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143848", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3081-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143848);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3081-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for samba fixes the following issues :\n\nUpdate to samba 4.11.14\n\nCVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records (bsc#1177613).\n\nCVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994).\n\nCVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify\n(bsc#1173902).\n\nlib/util: Do not install /usr/bin/test_util\n\nsmbd: don't log success as error\n\nidmap_ad does not deal properly with a RFC4511 section 4.4.1 response;\n\nwinbind: Fix a memleak\n\nidmap_ad: Pass tldap debug messages on to DEBUG()\n\nlib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to\nREPLACE_HOSTCC_SOURCE\n\nctdb disable/enable can fail due to race condition\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14318/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14323/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14383/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203081-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?107b77ae\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3081=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3081=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3081=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-binding0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc-samr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libndr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy-python3-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy0-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap2-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libsmbldap2-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-ad-dc-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-ad-dc-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-client-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-client-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-core-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-debugsource-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-dsdb-modules-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-dsdb-modules-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-libs-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-winbind-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libndr0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libsmbldap2-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-binding0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-binding0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc-samr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libdcerpc0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-krb5pac0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-nbt0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr-standard0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libndr0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libnetapi0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-credentials0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-errors0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-hostconfig0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-passdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy-python3-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy0-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-policy0-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamba-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsamdb0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbconf0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap2-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libsmbldap2-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libtevent-util0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient0-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"libwbclient0-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-ad-dc-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-ad-dc-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-client-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-client-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-core-devel-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-debugsource-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-dsdb-modules-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-dsdb-modules-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-libs-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-python3-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-python3-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-winbind-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"samba-winbind-debuginfo-4.11.14+git.202.344b137b75d-4.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:31", "description": "The Samba Team reports :\n\n- CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify\n\n- CVE-2020-14323: Unprivileged user can crash winbind\n\n- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "FreeBSD : samba -- Multiple Vulnerabilities (9ca85b7c-1b31-11eb-8762-005056a311d1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383"], "modified": "2020-12-08T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba410", "p-cpe:/a:freebsd:freebsd:samba411", "p-cpe:/a:freebsd:freebsd:samba412", "p-cpe:/a:freebsd:freebsd:samba413", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9CA85B7C1B3111EB8762005056A311D1.NASL", "href": "https://www.tenable.com/plugins/nessus/142151", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142151);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/08\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\");\n\n script_name(english:\"FreeBSD : samba -- Multiple Vulnerabilities (9ca85b7c-1b31-11eb-8762-005056a311d1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Samba Team reports :\n\n- CVE-2020-14318: Missing handle permissions check in SMB1/2/3\nChangeNotify\n\n- CVE-2020-14323: Unprivileged user can crash winbind\n\n- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with\neasily crafted records\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2020-14318.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2020-14323.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2020-14383.html\"\n );\n # https://vuxml.freebsd.org/freebsd/9ca85b7c-1b31-11eb-8762-005056a311d1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f796c19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba410\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba411\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba412\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba413\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba410<=4.10.18\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba411<4.11.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba412<4.12.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba413<4.13.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:37:49", "description": "The version of samba installed on the remote host is prior to 4.10.16-9.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1469 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : samba (ALAS-2021-1469)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-tests", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-python", "p-cpe:/a:amazon:linux:samba-python-test", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-modules", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1469.NASL", "href": "https://www.tenable.com/plugins/nessus/144992", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1469.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144992);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\"CVE-2020-1472\", \"CVE-2020-14318\", \"CVE-2020-14323\");\n script_xref(name:\"ALAS\", value:\"2021-1469\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"Amazon Linux AMI : samba (ALAS-2021-1469)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.10.16-9.56. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1469 advisory.\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1469.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ctdb-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ctdb-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ctdb-tests-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ctdb-tests-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libsmbclient-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libsmbclient-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libsmbclient-devel-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libsmbclient-devel-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libwbclient-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libwbclient-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'libwbclient-devel-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'libwbclient-devel-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-client-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-client-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-client-libs-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-client-libs-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-common-4.10.16-9.56.amzn1', 'release':'ALA'},\n {'reference':'samba-common-libs-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-common-libs-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-common-tools-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-common-tools-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-debuginfo-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-debuginfo-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-devel-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-devel-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-krb5-printing-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-krb5-printing-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-libs-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-libs-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-pidl-4.10.16-9.56.amzn1', 'release':'ALA'},\n {'reference':'samba-python-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-python-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-python-test-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-python-test-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-test-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-test-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-test-libs-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-test-libs-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-winbind-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-winbind-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-winbind-clients-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-winbind-clients-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-winbind-krb5-locator-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'samba-winbind-modules-4.10.16-9.56.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'samba-winbind-modules-4.10.16-9.56.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-tests / libsmbclient / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:39:40", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.(CVE-2020-14383)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2021-1517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-python", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1517.NASL", "href": "https://www.tenable.com/plugins/nessus/147061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147061);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\",\n \"CVE-2020-14383\",\n \"CVE-2020-1472\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2021-1517)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in samba's DNS server. An\n authenticated user could use this flaw to the RPC\n server to crash. This RPC server, which also serves\n protocols other than dnsserver, will be restarted after\n a short delay, but it is easy for an authenticated non\n administrative attacker to crash it again as soon as it\n returns. The Samba DNS server itself will continue to\n operate, but many RPC services will\n not.(CVE-2020-14383)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\n - A flaw was found in the way samba handled file and\n directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory\n information which otherwise would be unavailable to the\n attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1517\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd10d4de\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.7.1-9.h23.eulerosv2r7\",\n \"libwbclient-4.7.1-9.h23.eulerosv2r7\",\n \"samba-4.7.1-9.h23.eulerosv2r7\",\n \"samba-client-4.7.1-9.h23.eulerosv2r7\",\n \"samba-client-libs-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-libs-4.7.1-9.h23.eulerosv2r7\",\n \"samba-common-tools-4.7.1-9.h23.eulerosv2r7\",\n \"samba-libs-4.7.1-9.h23.eulerosv2r7\",\n \"samba-python-4.7.1-9.h23.eulerosv2r7\",\n \"samba-winbind-4.7.1-9.h23.eulerosv2r7\",\n \"samba-winbind-clients-4.7.1-9.h23.eulerosv2r7\",\n \"samba-winbind-modules-4.7.1-9.h23.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:37:01", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.(CVE-2020-14383)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : samba (EulerOS-SA-2021-1118)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-python", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1118.NASL", "href": "https://www.tenable.com/plugins/nessus/145189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145189);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-14318\",\n \"CVE-2020-14323\",\n \"CVE-2020-14383\",\n \"CVE-2020-1472\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"EulerOS 2.0 SP3 : samba (EulerOS-SA-2021-1118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in samba's DNS server. An\n authenticated user could use this flaw to the RPC\n server to crash. This RPC server, which also serves\n protocols other than dnsserver, will be restarted after\n a short delay, but it is easy for an authenticated non\n administrative attacker to crash it again as soon as it\n returns. The Samba DNS server itself will continue to\n operate, but many RPC services will\n not.(CVE-2020-14383)\n\n - A flaw was found in the way samba handled file and\n directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory\n information which otherwise would be unavailable to the\n attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an\n attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the\n Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'.(CVE-2020-1472)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1118\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6d4b490\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libsmbclient-4.6.2-8.h14\",\n \"libwbclient-4.6.2-8.h14\",\n \"samba-4.6.2-8.h14\",\n \"samba-client-4.6.2-8.h14\",\n \"samba-client-libs-4.6.2-8.h14\",\n \"samba-common-4.6.2-8.h14\",\n \"samba-common-libs-4.6.2-8.h14\",\n \"samba-common-tools-4.6.2-8.h14\",\n \"samba-libs-4.6.2-8.h14\",\n \"samba-python-4.6.2-8.h14\",\n \"samba-winbind-4.6.2-8.h14\",\n \"samba-winbind-clients-4.6.2-8.h14\",\n \"samba-winbind-modules-4.6.2-8.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:40:28", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has samba packages installed that are affected by multiple vulnerabilities:\n\n - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.\n In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). (CVE-2019-14907)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2021-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14907", "CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0024_SAMBA.NASL", "href": "https://www.tenable.com/plugins/nessus/147360", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0024. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147360);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2019-14907\",\n \"CVE-2020-1472\",\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2021-0024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has samba packages installed that are affected by\nmultiple vulnerabilities:\n\n - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where\n if it is set with log level = 3 (or above) then the string obtained from the client, after a failed\n character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.\n In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to\n terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a\n crash there is harmless). (CVE-2019-14907)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL samba packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'ctdb-4.10.16-9.el7_9',\n 'ctdb-tests-4.10.16-9.el7_9',\n 'libsmbclient-4.10.16-9.el7_9',\n 'libsmbclient-devel-4.10.16-9.el7_9',\n 'libwbclient-4.10.16-9.el7_9',\n 'libwbclient-devel-4.10.16-9.el7_9',\n 'samba-4.10.16-9.el7_9',\n 'samba-client-4.10.16-9.el7_9',\n 'samba-client-libs-4.10.16-9.el7_9',\n 'samba-common-4.10.16-9.el7_9',\n 'samba-common-libs-4.10.16-9.el7_9',\n 'samba-common-tools-4.10.16-9.el7_9',\n 'samba-dc-4.10.16-9.el7_9',\n 'samba-dc-libs-4.10.16-9.el7_9',\n 'samba-devel-4.10.16-9.el7_9',\n 'samba-krb5-printing-4.10.16-9.el7_9',\n 'samba-libs-4.10.16-9.el7_9',\n 'samba-pidl-4.10.16-9.el7_9',\n 'samba-python-4.10.16-9.el7_9',\n 'samba-python-test-4.10.16-9.el7_9',\n 'samba-test-4.10.16-9.el7_9',\n 'samba-test-libs-4.10.16-9.el7_9',\n 'samba-vfs-glusterfs-4.10.16-9.el7_9',\n 'samba-winbind-4.10.16-9.el7_9',\n 'samba-winbind-clients-4.10.16-9.el7_9',\n 'samba-winbind-krb5-locator-4.10.16-9.el7_9',\n 'samba-winbind-modules-4.10.16-9.el7_9'\n ],\n 'CGSL MAIN 5.04': [\n 'ctdb-4.10.16-9.el7_9',\n 'ctdb-tests-4.10.16-9.el7_9',\n 'libsmbclient-4.10.16-9.el7_9',\n 'libsmbclient-devel-4.10.16-9.el7_9',\n 'libwbclient-4.10.16-9.el7_9',\n 'libwbclient-devel-4.10.16-9.el7_9',\n 'samba-4.10.16-9.el7_9',\n 'samba-client-4.10.16-9.el7_9',\n 'samba-client-libs-4.10.16-9.el7_9',\n 'samba-common-4.10.16-9.el7_9',\n 'samba-common-libs-4.10.16-9.el7_9',\n 'samba-common-tools-4.10.16-9.el7_9',\n 'samba-dc-4.10.16-9.el7_9',\n 'samba-dc-libs-4.10.16-9.el7_9',\n 'samba-devel-4.10.16-9.el7_9',\n 'samba-krb5-printing-4.10.16-9.el7_9',\n 'samba-libs-4.10.16-9.el7_9',\n 'samba-pidl-4.10.16-9.el7_9',\n 'samba-python-4.10.16-9.el7_9',\n 'samba-python-test-4.10.16-9.el7_9',\n 'samba-test-4.10.16-9.el7_9',\n 'samba-test-libs-4.10.16-9.el7_9',\n 'samba-vfs-glusterfs-4.10.16-9.el7_9',\n 'samba-winbind-4.10.16-9.el7_9',\n 'samba-winbind-clients-4.10.16-9.el7_9',\n 'samba-winbind-krb5-locator-4.10.16-9.el7_9',\n 'samba-winbind-modules-4.10.16-9.el7_9'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'samba');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:47:28", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3723 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\n - samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-05T00:00:00", "type": "nessus", "title": "RHEL 7 : samba (RHSA-2021:3723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472", "CVE-2021-20254"], "modified": "2023-05-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2021-3723.NASL", "href": "https://www.tenable.com/plugins/nessus/153886", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3723. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153886);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2020-1472\",\n \"CVE-2020-14318\",\n \"CVE-2020-14323\",\n \"CVE-2021-20254\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3723\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0208-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"RHEL 7 : samba (RHSA-2021:3723)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3723 advisory.\n\n - samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)\n\n - samba: Unprivileged user can crash winbind (CVE-2020-14323)\n\n - samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)\n\n - samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process\n token (CVE-2021-20254)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1891685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1892631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1949442\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(125, 170, 266, 287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/rh-gluster-samba/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-gluster-samba/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-gluster-samba/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-nagios/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-nagios/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-nagios/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-bigdata/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-bigdata/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-bigdata/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-nfs/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-nfs/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-nfs/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-splunk/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-splunk/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server-splunk/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-server/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhs-client/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhs-client/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhs-client/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libsmbclient-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libsmbclient-devel-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libwbclient-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libwbclient-devel-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'python3-samba-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-client-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-client-libs-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-4.11.6-112.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-libs-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-tools-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-devel-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-krb5-printing-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-libs-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-pidl-4.11.6-112.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-vfs-glusterfs-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-clients-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-krb5-locator-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-modules-4.11.6-112.el7rhgs', 'cpu':'x86_64', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:57", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4.\n Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.(CVE-2020-10730)\n\n - A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.(CVE-2020-10760)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-2533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10730", "CVE-2020-10760", "CVE-2020-14318", "CVE-2020-14323"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ctdb", "p-cpe:/a:huawei:euleros:ctdb-tests", "p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:python2-samba", "p-cpe:/a:huawei:euleros:python2-samba-test", "p-cpe:/a:huawei:euleros:python3-samba", "p-cpe:/a:huawei:euleros:python3-samba-test", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-dc-libs", "p-cpe:/a:huawei:euleros:samba-krb5-printing", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-pidl", "p-cpe:/a:huawei:euleros:samba-test", "p-cpe:/a:huawei:euleros:samba-test-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2533.NASL", "href": "https://www.tenable.com/plugins/nessus/144176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144176);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10730\",\n \"CVE-2020-10760\",\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-2533)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A NULL pointer dereference, or possible use-after-free\n flaw was found in Samba AD LDAP server in versions\n before 4.10.17, before 4.11.11 and before 4.12.4.\n Although some versions of Samba shipped with Red Hat\n Enterprise Linux do not support Samba in AD mode, the\n affected code is shipped with the libldb package. This\n flaw allows an authenticated user to possibly trigger a\n use-after-free or NULL pointer dereference. The highest\n threat from this vulnerability is to system\n availability.(CVE-2020-10730)\n\n - A use-after-free flaw was found in all samba LDAP\n server versions before 4.10.17, before 4.11.11, before\n 4.12.4 used in a AC DC configuration. A Samba LDAP user\n could use this flaw to crash samba.(CVE-2020-10760)\n\n - A flaw was found in the way samba handled file and\n directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory\n information which otherwise would be unavailable to the\n attacker.(CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's\n Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this\n flaw to crash the winbind service causing denial of\n service.(CVE-2020-14323)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2533\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4823fe5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14318\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ctdb-4.9.1-2.h27.eulerosv2r8\",\n \"ctdb-tests-4.9.1-2.h27.eulerosv2r8\",\n \"libsmbclient-4.9.1-2.h27.eulerosv2r8\",\n \"libwbclient-4.9.1-2.h27.eulerosv2r8\",\n \"python2-samba-4.9.1-2.h27.eulerosv2r8\",\n \"python2-samba-test-4.9.1-2.h27.eulerosv2r8\",\n \"python3-samba-4.9.1-2.h27.eulerosv2r8\",\n \"python3-samba-test-4.9.1-2.h27.eulerosv2r8\",\n \"samba-4.9.1-2.h27.eulerosv2r8\",\n \"samba-client-4.9.1-2.h27.eulerosv2r8\",\n \"samba-client-libs-4.9.1-2.h27.eulerosv2r8\",\n \"samba-common-4.9.1-2.h27.eulerosv2r8\",\n \"samba-common-libs-4.9.1-2.h27.eulerosv2r8\",\n \"samba-common-tools-4.9.1-2.h27.eulerosv2r8\",\n \"samba-dc-libs-4.9.1-2.h27.eulerosv2r8\",\n \"samba-krb5-printing-4.9.1-2.h27.eulerosv2r8\",\n \"samba-libs-4.9.1-2.h27.eulerosv2r8\",\n \"samba-pidl-4.9.1-2.h27.eulerosv2r8\",\n \"samba-test-4.9.1-2.h27.eulerosv2r8\",\n \"samba-test-libs-4.9.1-2.h27.eulerosv2r8\",\n \"samba-winbind-4.9.1-2.h27.eulerosv2r8\",\n \"samba-winbind-clients-4.9.1-2.h27.eulerosv2r8\",\n \"samba-winbind-krb5-locator-4.9.1-2.h27.eulerosv2r8\",\n \"samba-winbind-modules-4.9.1-2.h27.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:25:54", "description": "The remote host is affected by the vulnerability described in GLSA-202012-24 (Samba: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2020-12-28T00:00:00", "type": "nessus", "title": "GLSA-202012-24 : Samba: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14318", "CVE-2020-14323", "CVE-2020-14383", "CVE-2020-1472"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:samba"], "id": "GENTOO_GLSA-202012-24.NASL", "href": "https://www.tenable.com/plugins/nessus/144607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202012-24.\n#\n# The advisory text is Copyright (C) 2001-2023 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144607);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-14318\", \"CVE-2020-14323\", \"CVE-2020-14383\", \"CVE-2020-1472\");\n script_xref(name:\"GLSA\", value:\"202012-24\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"GLSA-202012-24 : Samba: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202012-24\n(Samba: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Samba. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202012-24\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Samba users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-fs/samba-4.12.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/samba\", unaffected:make_list(\"ge 4.12.9\"), vulnerable:make_list(\"lt 4.12.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:47:06", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities:\n\n - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.\n In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). (CVE-2019-14907)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14907", "CVE-2020-14318", "CVE-2020-14323", "CVE-2020-1472"], "modified": "2023-05-23T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:ctdb", "p-cpe:/a:zte:cgsl_core:ctdb-tests", "p-cpe:/a:zte:cgsl_core:libsmbclient", "p-cpe:/a:zte:cgsl_core:libsmbclient-devel", "p-cpe:/a:zte:cgsl_core:libwbclient", "p-cpe:/a:zte:cgsl_core:libwbclient-devel", "p-cpe:/a:zte:cgsl_core:samba", "p-cpe:/a:zte:cgsl_core:samba-client", "p-cpe:/a:zte:cgsl_main:libwbclient", "p-cpe:/a:zte:cgsl_main:libwbclient-devel", "p-cpe:/a:zte:cgsl_main:samba", "p-cpe:/a:zte:cgsl_main:samba-client", "p-cpe:/a:zte:cgsl_main:samba-client-libs", "p-cpe:/a:zte:cgsl_main:samba-common", "p-cpe:/a:zte:cgsl_main:samba-common-libs", "p-cpe:/a:zte:cgsl_main:samba-common-tools", "p-cpe:/a:zte:cgsl_main:samba-dc", "p-cpe:/a:zte:cgsl_main:samba-dc-libs", "p-cpe:/a:zte:cgsl_main:samba-devel", "p-cpe:/a:zte:cgsl_main:samba-krb5-printing", "p-cpe:/a:zte:cgsl_main:samba-libs", "p-cpe:/a:zte:cgsl_main:samba-pidl", "p-cpe:/a:zte:cgsl_main:samba-python", "p-cpe:/a:zte:cgsl_main:samba-python-test", "p-cpe:/a:zte:cgsl_main:samba-test", "p-cpe:/a:zte:cgsl_main:samba-test-libs", "p-cpe:/a:zte:cgsl_main:samba-vfs-glusterfs", "p-cpe:/a:zte:cgsl_main:samba-winbind", "p-cpe:/a:zte:cgsl_main:samba-winbind-clients", "p-cpe:/a:zte:cgsl_main:samba-winbind-krb5-locator", "p-cpe:/a:zte:cgsl_main:samba-winbind-modules", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5", "p-cpe:/a:zte:cgsl_core:samba-client-libs", "p-cpe:/a:zte:cgsl_core:samba-common", "p-cpe:/a:zte:cgsl_core:samba-common-libs", "p-cpe:/a:zte:cgsl_core:samba-common-tools", "p-cpe:/a:zte:cgsl_core:samba-dc", "p-cpe:/a:zte:cgsl_core:samba-dc-libs", "p-cpe:/a:zte:cgsl_core:samba-devel", "p-cpe:/a:zte:cgsl_core:samba-krb5-printing", "p-cpe:/a:zte:cgsl_core:samba-libs", "p-cpe:/a:zte:cgsl_core:samba-pidl", "p-cpe:/a:zte:cgsl_core:samba-python", "p-cpe:/a:zte:cgsl_core:samba-python-test", "p-cpe:/a:zte:cgsl_core:samba-test", "p-cpe:/a:zte:cgsl_core:samba-test-libs", "p-cpe:/a:zte:cgsl_core:samba-vfs-glusterfs", "p-cpe:/a:zte:cgsl_core:samba-winbind", "p-cpe:/a:zte:cgsl_core:samba-winbind-clients", "p-cpe:/a:zte:cgsl_core:samba-winbind-krb5-locator", "p-cpe:/a:zte:cgsl_core:samba-winbind-modules", "p-cpe:/a:zte:cgsl_main:libsmbclient"], "id": "NEWSTART_CGSL_NS-SA-2021-0167_SAMBA.NASL", "href": "https://www.tenable.com/plugins/nessus/154485", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0167. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154485);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/23\");\n\n script_cve_id(\n \"CVE-2019-14907\",\n \"CVE-2020-1472\",\n \"CVE-2020-14318\",\n \"CVE-2020-14323\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0508-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0438-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0367-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/09/21\");\n script_xref(name:\"CISA-NCAS\", value:\"AA22-011A\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0129\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0101\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0008\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0121\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2023-0016\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by\nmultiple vulnerabilities:\n\n - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where\n if it is set with log level = 3 (or above) then the string obtained from the client, after a failed\n character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange.\n In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to\n terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a\n crash there is harmless). (CVE-2019-14907)\n\n - A flaw was found in the way samba handled file and directory permissions. An authenticated user could use\n this flaw to gain access to certain file and directory information which otherwise would be unavailable to\n the attacker. (CVE-2020-14318)\n\n - A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before\n 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of\n service. (CVE-2020-14323)\n\n - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure\n channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon\n Elevation of Privilege Vulnerability'. (CVE-2020-1472)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0167\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-14907\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14318\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14323\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-1472\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL samba packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1472\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:samba-win