DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2020-25719", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-25719", "description": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.", "published": "2022-02-18T18:15:00", "modified": "2023-09-17T09:15:00", "epss": [{"cve": "CVE-2020-25719", "epss": 0.001, "percentile": 0.40745, "modified": "2023-09-25"}], "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25719", "reporter": "secalert@redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=2019732", "https://www.samba.org/samba/security/CVE-2020-25719.html", "https://security.gentoo.org/glsa/202309-06"], "cvelist": ["CVE-2020-25719"], "immutableFields": [], "lastseen": "2023-09-25T22:04:33", "viewCount": 773, "enchantments": {"backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:5142"]}, {"type": "centos", "idList": ["CESA-2021:5195"]}, {"type": "cisa", "idList": ["CISA:7654250BF4793EF3C7F73F123A9B6747"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5003-1:02DD1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-25719"]}, {"type": "fedora", "idList": ["FEDORA:553FD313C434", "FEDORA:A43C930FA07D"]}, {"type": "freebsd", "idList": ["646923B0-41C7-11EC-A3B2-005056A311D1"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-5142.NASL", "DEBIAN_DSA-5003.NASL", "ORACLELINUX_ELSA-2021-5142.NASL", "ORACLELINUX_ELSA-2021-5195.NASL", "REDHAT-RHSA-2021-5142.NASL", "REDHAT-RHSA-2021-5195.NASL", "SAMBA_4_15_2.NASL", "SL_20211216_IPA_ON_SL7_X.NASL", "SUSE_SU-2021-3647-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-5142", "ELSA-2021-5195"]}, {"type": "redhat", "idList": ["RHSA-2021:5142", "RHSA-2021:5195"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-25719"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-25719"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3647-1"]}, {"type": "ubuntu", "idList": ["USN-5142-1", "USN-5142-2", "USN-5142-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25719"]}]}, "score": {"value": 2.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:5142"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-25719"]}, {"type": "altlinux", "idList": ["20CA683D2CF97ADF91AB3B432668CB10"]}, {"type": "amazon", "idList": ["ALAS2-2023-2149"]}, {"type": "centos", "idList": ["CESA-2021:5195"]}, {"type": "cisa", "idList": ["CISA:7654250BF4793EF3C7F73F123A9B6747"]}, {"type": "cnvd", "idList": ["CNVD-2022-15500"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5003-1:02DD1", "DEBIAN:DSA-5003-1:8E2FB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-25719"]}, {"type": "fedora", "idList": ["FEDORA:553FD313C434", "FEDORA:5822630A3C02", "FEDORA:A43C930FA07D", "FEDORA:D24DD30A3C02", "FEDORA:EACD530A3C34"]}, {"type": "freebsd", "idList": ["646923B0-41C7-11EC-A3B2-005056A311D1"]}, {"type": "gentoo", "idList": ["GLSA-202309-06"]}, {"type": "mageia", "idList": ["MGASA-2021-0585"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-224.NASL", "AL2_ALAS-2023-2149.NASL", "ALMA_LINUX_ALSA-2021-5142.NASL", "CENTOS8_RHSA-2021-5142.NASL", "CENTOS_RHSA-2021-5195.NASL", "DEBIAN_DSA-5003.NASL", "EULEROS_SA-2022-1246.NASL", "EULEROS_SA-2022-1258.NASL", "EULEROS_SA-2022-1295.NASL", "EULEROS_SA-2022-1311.NASL", "EULEROS_SA-2022-1387.NASL", "EULEROS_SA-2022-1413.NASL", "GENTOO_GLSA-202309-06.NASL", "OPENSUSE-2021-3647.NASL", "ORACLELINUX_ELSA-2021-5142.NASL", "ORACLELINUX_ELSA-2021-5195.NASL", "REDHAT-RHSA-2021-5142.NASL", "REDHAT-RHSA-2021-5195.NASL", "REDHAT-RHSA-2022-0007.NASL", "REDHAT-RHSA-2022-0076.NASL", "SAMBA_4_15_2.NASL", "SL_20211216_IPA_ON_SL7_X.NASL", "SUSE_SU-2021-3647-1.NASL", "UBUNTU_USN-5142-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-5142", "ELSA-2021-5195"]}, {"type": "osv", "idList": ["OSV:CVE-2020-25719", "OSV:DSA-5003-1"]}, {"type": "redhat", "idList": ["RHSA-2021:5142", "RHSA-2021:5195", "RHSA-2022:0007", "RHSA-2022:0076"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-25719"]}, {"type": "rocky", "idList": ["RLSA-2021:5142"]}, {"type": "samba", "idList": ["SAMBA:CVE-2020-25719"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3647-1"]}, {"type": "ubuntu", "idList": ["USN-5142-1", "USN-5142-2", "USN-5142-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25719"]}, {"type": "veracode", "idList": ["VERACODE:32941"]}]}, "affected_software": {"major_version": [{"name": "samba", "version": 4}, {"name": "samba", "version": 4}, {"name": "samba", "version": 4}, {"name": "debian debian linux", "version": 9}, {"name": "debian debian linux", "version": 10}, {"name": "fedoraproject fedora", "version": 33}, {"name": "fedoraproject fedora", "version": 34}, {"name": "fedoraproject fedora", "version": 35}, {"name": "canonical ubuntu linux", "version": 20}, {"name": "canonical ubuntu linux", "version": 21}, {"name": "canonical ubuntu linux", "version": 21}, {"name": "redhat enterprise linux desktop", "version": 7}, {"name": "redhat enterprise linux workstation", "version": 7}, {"name": "redhat enterprise linux for scientific computing", "version": 7}, {"name": "redhat enterprise linux", "version": 7}, {"name": "redhat enterprise linux for power little endian", "version": 7}, {"name": "redhat enterprise linux for power big endian", "version": 7}, {"name": "redhat enterprise linux for ibm z systems", "version": 7}, {"name": "redhat enterprise linux", "version": 8}, {"name": "redhat enterprise linux eus", "version": 8}, {"name": "redhat enterprise linux eus", "version": 8}, {"name": "redhat enterprise linux for ibm z systems", "version": 8}, {"name": "redhat enterprise linux for ibm z systems eus", "version": 8}, {"name": "redhat enterprise linux for ibm z systems eus", "version": 8}, {"name": "redhat enterprise linux for power little endian", "version": 8}, {"name": "redhat enterprise linux for power little endian eus", "version": 8}, {"name": "redhat enterprise linux for power little endian eus", "version": 8}, {"name": "redhat enterprise linux server aus", "version": 8}, {"name": "redhat enterprise linux server aus", "version": 8}, {"name": "redhat enterprise linux server tus", "version": 8}, {"name": "redhat enterprise linux server tus", "version": 8}, {"name": "redhat enterprise linux server update services for sap solutions", "version": 8}, {"name": "redhat enterprise linux server update services for sap solutions", "version": 8}]}, "epss": [{"cve": "CVE-2020-25719", "epss": 0.00063, "percentile": 0.24928, "modified": "2023-05-02"}], "vulnersScore": 2.5}, "_state": {"dependencies": 1695680303, "score": 1695680291, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "dabb01b3ae8080b870746db155209c0a"}, "cna_cvss": {"cna": "redhat", "cvss": {}}, "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:redhat:enterprise_linux_for_power_little_endian:8.0", "cpe:/o:redhat:enterprise_linux_server_tus:8.4", "cpe:/o:redhat:enterprise_linux_server_aus:8.4", "cpe:/o:redhat:enterprise_linux_server_tus:8.2", "cpe:/o:redhat:enterprise_linux_for_scientific_computing:7.0", "cpe:/o:fedoraproject:fedora:35", "cpe:/o:canonical:ubuntu_linux:21.04", "cpe:/o:redhat:enterprise_linux_server_aus:8.2", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.4", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:8.0", "cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2", "cpe:/o:redhat:enterprise_linux_for_power_little_endian_eus:8.2", "cpe:/o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4", "cpe:/o:redhat:enterprise_linux_for_power_big_endian:7.0", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_for_ibm_z_systems:7.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:canonical:ubuntu_linux:21.10", "cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2", "cpe:/o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4", "cpe:/o:redhat:enterprise_linux_eus:8.4", "cpe:/o:redhat:enterprise_linux_eus:8.2", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_for_power_little_endian:7.0"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*"], "cwe": ["CWE-362"], "affectedSoftware": [{"cpeName": "samba:samba", "version": "4.15.2", "operator": "lt", "name": "samba"}, {"cpeName": "samba:samba", "version": "4.14.10", "operator": "lt", "name": "samba"}, {"cpeName": "samba:samba", "version": "4.13.14", "operator": "lt", "name": "samba"}, {"cpeName": "debian:debian_linux", "version": "9.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "debian:debian_linux", "version": "10.0", "operator": "eq", "name": "debian debian linux"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "35", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "canonical:ubuntu_linux", "version": "20.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "21.04", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "canonical:ubuntu_linux", "version": "21.10", "operator": "eq", "name": "canonical ubuntu linux"}, {"cpeName": "redhat:enterprise_linux_desktop", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux desktop"}, {"cpeName": "redhat:enterprise_linux_workstation", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux workstation"}, {"cpeName": "redhat:enterprise_linux_for_scientific_computing", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux for scientific computing"}, {"cpeName": "redhat:enterprise_linux", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux_for_power_little_endian", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux for power little endian"}, {"cpeName": "redhat:enterprise_linux_for_power_big_endian", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux for power big endian"}, {"cpeName": "redhat:enterprise_linux_for_ibm_z_systems", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux for ibm z systems"}, {"cpeName": "redhat:enterprise_linux", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux_eus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux eus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_eus", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux eus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_server_update_services_for_sap_solutions", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux server update services for sap solutions"}, {"cpeName": "redhat:enterprise_linux_server_update_services_for_sap_solutions", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux server update services for sap solutions"}, {"cpeName": "redhat:enterprise_linux_for_power_little_endian_eus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux for power little endian eus"}, {"cpeName": "redhat:enterprise_linux_for_ibm_z_systems_eus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux for ibm z systems eus"}, {"cpeName": "redhat:enterprise_linux_for_power_little_endian", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux for power little endian"}, {"cpeName": "redhat:enterprise_linux_for_ibm_z_systems_eus", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux for ibm z systems eus"}, {"cpeName": "redhat:enterprise_linux_for_ibm_z_systems", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux for ibm z systems"}, {"cpeName": "redhat:enterprise_linux_for_power_little_endian_eus", "version": "8.4", "operator": "eq", "name": "redhat enterprise linux for power little endian eus"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.15.2:*:*:*:*:*:*:*", "versionStartIncluding": "4.15.0", "versionEndExcluding": "4.15.2", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.14.10:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.0", "versionEndExcluding": "4.14.10", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:samba:samba:4.13.14:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.13.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019732", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2019732", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://www.samba.org/samba/security/CVE-2020-25719.html", "name": "https://www.samba.org/samba/security/CVE-2020-25719.html", "refsource": "MISC", "tags": ["Mitigation", "Vendor Advisory"]}, {"url": "https://security.gentoo.org/glsa/202309-06", "name": "GLSA-202309-06", "refsource": "GENTOO", "tags": []}], "product_info": [{"vendor": "Redhat", "product": "Enterprise_linux"}, {"vendor": "Redhat", "product": "Enterprise_linux_eus"}, {"vendor": "Redhat", "product": "Enterprise_linux_desktop"}, {"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_update_services_for_sap_solutions"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_tus"}, {"vendor": "Redhat", "product": "Enterprise_linux_workstation"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_power_big_endian"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_ibm_z_systems"}, {"vendor": "Debian", "product": "Debian_linux"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_scientific_computing"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_power_little_endian_eus"}, {"vendor": "Samba", "product": "Samba"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_ibm_z_systems_eus"}, {"vendor": "Redhat", "product": "Enterprise_linux_for_power_little_endian"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_aus"}, {"vendor": "Canonical", "product": "Ubuntu_linux"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-287", "cweId": "CWE-287"}]}], "exploits": [], "assigned": "2020-09-16T00:00:00"}

{"nessus": [{"lastseen": "2023-05-18T15:36:36", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-16T00:00:00", "type": "nessus", "title": "CentOS 8 : idm:DL1 (CESA-2021:5142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bind-dyndb-ldap", "p-cpe:/a:centos:centos:custodia", "p-cpe:/a:centos:centos:ipa-healthcheck", "p-cpe:/a:centos:centos:ipa-healthcheck-core", "p-cpe:/a:centos:centos:opendnssec", "p-cpe:/a:centos:centos:python3-custodia", "p-cpe:/a:centos:centos:python3-jwcrypto", "p-cpe:/a:centos:centos:python3-kdcproxy", "p-cpe:/a:centos:centos:python3-pyusb", "p-cpe:/a:centos:centos:python3-qrcode", "p-cpe:/a:centos:centos:python3-qrcode-core", "p-cpe:/a:centos:centos:python3-yubico", "p-cpe:/a:centos:centos:slapi-nis", "p-cpe:/a:centos:centos:softhsm", "p-cpe:/a:centos:centos:softhsm-devel"], "id": "CENTOS8_RHSA-2021-5142.NASL", "href": "https://www.tenable.com/plugins/nessus/156117", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:5142. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156117);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/01\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2021:5142\");\n\n script_name(english:\"CentOS 8 : idm:DL1 (CESA-2021:5142)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5142\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:softhsm-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'bind-dyndb-ldap-11.6-2.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bind-dyndb-ldap-11.6-2.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module_el8.2.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module_el8.2.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-healthcheck / ipa-healthcheck-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:31", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-15T00:00:00", "type": "nessus", "title": "RHEL 8 : idm:DL1 (RHSA-2021:5142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap", "p-cpe:/a:redhat:enterprise_linux:custodia", "p-cpe:/a:redhat:enterprise_linux:ipa-client", "p-cpe:/a:redhat:enterprise_linux:ipa-client-common", "p-cpe:/a:redhat:enterprise_linux:ipa-client-epn", "p-cpe:/a:redhat:enterprise_linux:ipa-client-samba", "p-cpe:/a:redhat:enterprise_linux:ipa-common", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core", "p-cpe:/a:redhat:enterprise_linux:ipa-python-compat", "p-cpe:/a:redhat:enterprise_linux:ipa-selinux", "p-cpe:/a:redhat:enterprise_linux:ipa-server", "p-cpe:/a:redhat:enterprise_linux:ipa-server-common", "p-cpe:/a:redhat:enterprise_linux:ipa-server-dns", "p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad", "p-cpe:/a:redhat:enterprise_linux:opendnssec", "p-cpe:/a:redhat:enterprise_linux:python3-custodia", "p-cpe:/a:redhat:enterprise_linux:python3-ipaclient", "p-cpe:/a:redhat:enterprise_linux:python3-ipalib", "p-cpe:/a:redhat:enterprise_linux:python3-ipaserver", "p-cpe:/a:redhat:enterprise_linux:python3-ipatests", "p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto", "p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy", "p-cpe:/a:redhat:enterprise_linux:python3-pyusb", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core", "p-cpe:/a:redhat:enterprise_linux:python3-yubico", "p-cpe:/a:redhat:enterprise_linux:slapi-nis", "p-cpe:/a:redhat:enterprise_linux:softhsm", "p-cpe:/a:redhat:enterprise_linux:softhsm-devel"], "id": "REDHAT-RHSA-2021-5142.NASL", "href": "https://www.tenable.com/plugins/nessus/156107", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5142. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156107);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2021:5142\");\n\n script_name(english:\"RHEL 8 : idm:DL1 (RHSA-2021:5142)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2019732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-epn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipatests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'idm:DL1': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module+el8.5.0+11410+91a33fe4', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module+el8.5.0+11410+91a33fe4', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-selinux-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipatests-4.9.6-10.module+el8.5.0+13587+92118e57', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456', 'sp':'6', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e', 'sp':'6', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module+el8.5.0+12583+bf7ffcf6', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module+el8.5.0+11410+91a33fe4', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module+el8.5.0+11410+91a33fe4', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-selinux-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipatests-4.9.6-10.module+el8.5.0+13587+92118e57', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e', 'release':'8', 'el_string':'el8.1.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module+el8.5.0+12583+bf7ffcf6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module+el8.4.0+10227+076cd560', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/idm');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\nif ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / ipa-client-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:23", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:5142 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : idm:DL1 (ALSA-2021:5142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-11T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bind-dyndb-ldap", "p-cpe:/a:alma:linux:custodia", "p-cpe:/a:alma:linux:ipa-client", "p-cpe:/a:alma:linux:ipa-client-common", "p-cpe:/a:alma:linux:ipa-client-epn", "p-cpe:/a:alma:linux:ipa-client-samba", "p-cpe:/a:alma:linux:ipa-common", "p-cpe:/a:alma:linux:ipa-healthcheck", "p-cpe:/a:alma:linux:ipa-healthcheck-core", "p-cpe:/a:alma:linux:ipa-python-compat", "p-cpe:/a:alma:linux:ipa-selinux", "p-cpe:/a:alma:linux:ipa-server", "p-cpe:/a:alma:linux:ipa-server-common", "p-cpe:/a:alma:linux:ipa-server-dns", "p-cpe:/a:alma:linux:ipa-server-trust-ad", "p-cpe:/a:alma:linux:opendnssec", "p-cpe:/a:alma:linux:python3-custodia", "p-cpe:/a:alma:linux:python3-ipaclient", "p-cpe:/a:alma:linux:python3-ipalib", "p-cpe:/a:alma:linux:python3-ipaserver", "p-cpe:/a:alma:linux:python3-ipatests", "p-cpe:/a:alma:linux:python3-jwcrypto", "p-cpe:/a:alma:linux:python3-kdcproxy", "p-cpe:/a:alma:linux:python3-pyusb", "p-cpe:/a:alma:linux:python3-qrcode", "p-cpe:/a:alma:linux:python3-qrcode-core", "p-cpe:/a:alma:linux:python3-yubico", "p-cpe:/a:alma:linux:slapi-nis", "p-cpe:/a:alma:linux:softhsm", "p-cpe:/a:alma:linux:softhsm-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-5142.NASL", "href": "https://www.tenable.com/plugins/nessus/158848", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:5142.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158848);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/11\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"ALSA\", value:\"2021:5142\");\n\n script_name(english:\"AlmaLinux 8 : idm:DL1 (ALSA-2021:5142)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2021:5142 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-5142.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-client-epn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-client-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-ipatests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:softhsm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/idm');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\nif ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);\n\nvar appstreams = {\n 'idm:DL1': [\n {'reference':'bind-dyndb-ldap-11.6-2.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.6-10.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.6-10.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.6-10.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-selinux-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.6-10.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.6-10.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipatests-4.9.6-10.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module_el8.5.0+2603+92118e57', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module_el8.5.0+2603+92118e57', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / ipa-client-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:27:20", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-17T00:00:00", "type": "nessus", "title": "RHEL 7 : ipa (RHSA-2021:5195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ipa-client", "p-cpe:/a:redhat:enterprise_linux:ipa-client-common", "p-cpe:/a:redhat:enterprise_linux:ipa-common", "p-cpe:/a:redhat:enterprise_linux:ipa-python-compat", "p-cpe:/a:redhat:enterprise_linux:ipa-server", "p-cpe:/a:redhat:enterprise_linux:ipa-server-common", "p-cpe:/a:redhat:enterprise_linux:ipa-server-dns", "p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad", "p-cpe:/a:redhat:enterprise_linux:python2-ipaclient", "p-cpe:/a:redhat:enterprise_linux:python2-ipalib", "p-cpe:/a:redhat:enterprise_linux:python2-ipaserver"], "id": "REDHAT-RHSA-2021-5195.NASL", "href": "https://www.tenable.com/plugins/nessus/156133", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5195. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156133);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2021:5195\");\n\n script_name(english:\"RHEL 7 : ipa (RHSA-2021:5195)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:5195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2019732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-ipaserver\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ipa-client-4.6.8-5.el7_9.10', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.el7_9.10', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.el7_9.10', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaclient-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipalib-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaserver-4.6.8-5.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ipa-client / ipa-client-common / ipa-common / ipa-python-compat / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:46", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:5195-1 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ipa on SL7.x x86_64 (2021:5195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:ipa-client", "p-cpe:/a:fermilab:scientific_linux:ipa-client-common", "p-cpe:/a:fermilab:scientific_linux:ipa-common", "p-cpe:/a:fermilab:scientific_linux:ipa-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ipa-python-compat", "p-cpe:/a:fermilab:scientific_linux:ipa-server", "p-cpe:/a:fermilab:scientific_linux:ipa-server-common", "p-cpe:/a:fermilab:scientific_linux:ipa-server-dns", "p-cpe:/a:fermilab:scientific_linux:ipa-server-trust-ad", "p-cpe:/a:fermilab:scientific_linux:python2-ipaclient", "p-cpe:/a:fermilab:scientific_linux:python2-ipalib", "p-cpe:/a:fermilab:scientific_linux:python2-ipaserver"], "id": "SL_20211216_IPA_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/156176", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156176);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/01\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:5195\");\n\n script_name(english:\"Scientific Linux Security Update : ipa on SL7.x x86_64 (2021:5195)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2021:5195-1 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20215195-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python2-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python2-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python2-ipaserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'ipa-client-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-debuginfo-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.el7_9.10', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaclient-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipalib-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaserver-4.6.8-5.el7_9.10', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ipa-client / ipa-client-common / ipa-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-20T09:40:59", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2149 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ipa (ALAS-2023-2149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2023-07-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ipa-client", "p-cpe:/a:amazon:linux:ipa-client-common", "p-cpe:/a:amazon:linux:ipa-common", "p-cpe:/a:amazon:linux:ipa-debuginfo", "p-cpe:/a:amazon:linux:ipa-python-compat", "p-cpe:/a:amazon:linux:ipa-server", "p-cpe:/a:amazon:linux:ipa-server-common", "p-cpe:/a:amazon:linux:ipa-server-dns", "p-cpe:/a:amazon:linux:ipa-server-trust-ad", "p-cpe:/a:amazon:linux:python2-ipaclient", "p-cpe:/a:amazon:linux:python2-ipalib", "p-cpe:/a:amazon:linux:python2-ipaserver", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-2149.NASL", "href": "https://www.tenable.com/plugins/nessus/178496", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-2149.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178496);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/20\");\n\n script_cve_id(\"CVE-2020-25719\");\n\n script_name(english:\"Amazon Linux 2 : ipa (ALAS-2023-2149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2149 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-2149.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ipa' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ipa-client-4.6.8-5.amzn2.4.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.amzn2.4.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.amzn2.4.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-debuginfo-4.6.8-5.amzn2.4.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-debuginfo-4.6.8-5.amzn2.4.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-debuginfo-4.6.8-5.amzn2.4.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.amzn2.4.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.amzn2.4.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.amzn2.4.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.amzn2.4.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.amzn2.4.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.amzn2.4.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaclient-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipalib-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaserver-4.6.8-5.amzn2.4.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipa-client / ipa-client-common / ipa-common / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-17T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ipa (ELSA-2021-5195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:ipa-client", "p-cpe:/a:oracle:linux:ipa-client-common", "p-cpe:/a:oracle:linux:ipa-common", "p-cpe:/a:oracle:linux:ipa-python-compat", "p-cpe:/a:oracle:linux:ipa-server", "p-cpe:/a:oracle:linux:ipa-server-common", "p-cpe:/a:oracle:linux:ipa-server-dns", "p-cpe:/a:oracle:linux:ipa-server-trust-ad", "p-cpe:/a:oracle:linux:python2-ipaclient", "p-cpe:/a:oracle:linux:python2-ipalib", "p-cpe:/a:oracle:linux:python2-ipaserver"], "id": "ORACLELINUX_ELSA-2021-5195.NASL", "href": "https://www.tenable.com/plugins/nessus/156147", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-5195.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156147);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/01\");\n\n script_cve_id(\"CVE-2020-25719\");\n\n script_name(english:\"Oracle Linux 7 : ipa (ELSA-2021-5195)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-5195.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python2-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python2-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python2-ipaserver\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'ipa-client-4.6.8-5.0.1.el7_9.10', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.6.8-5.0.1.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.0.1.el7_9.10', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.0.1.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.0.1.el7_9.10', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.0.1.el7_9.10', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaclient-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipalib-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaserver-4.6.8-5.0.1.el7_9.10', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ipa-client / ipa-client-common / ipa-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:33:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0007 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-04T00:00:00", "type": "nessus", "title": "RHEL 8 : idm:DL1 (RHSA-2022:0007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap", "p-cpe:/a:redhat:enterprise_linux:custodia", "p-cpe:/a:redhat:enterprise_linux:ipa-client", "p-cpe:/a:redhat:enterprise_linux:ipa-client-common", "p-cpe:/a:redhat:enterprise_linux:ipa-client-epn", "p-cpe:/a:redhat:enterprise_linux:ipa-client-samba", "p-cpe:/a:redhat:enterprise_linux:ipa-common", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core", "p-cpe:/a:redhat:enterprise_linux:ipa-python-compat", "p-cpe:/a:redhat:enterprise_linux:ipa-selinux", "p-cpe:/a:redhat:enterprise_linux:ipa-server", "p-cpe:/a:redhat:enterprise_linux:ipa-server-common", "p-cpe:/a:redhat:enterprise_linux:ipa-server-dns", "p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad", "p-cpe:/a:redhat:enterprise_linux:opendnssec", "p-cpe:/a:redhat:enterprise_linux:python3-custodia", "p-cpe:/a:redhat:enterprise_linux:python3-ipaclient", "p-cpe:/a:redhat:enterprise_linux:python3-ipalib", "p-cpe:/a:redhat:enterprise_linux:python3-ipaserver", "p-cpe:/a:redhat:enterprise_linux:python3-ipatests", "p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto", "p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy", "p-cpe:/a:redhat:enterprise_linux:python3-pyusb", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core", "p-cpe:/a:redhat:enterprise_linux:python3-yubico", "p-cpe:/a:redhat:enterprise_linux:slapi-nis", "p-cpe:/a:redhat:enterprise_linux:softhsm", "p-cpe:/a:redhat:enterprise_linux:softhsm-devel"], "id": "REDHAT-RHSA-2022-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/156465", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0007. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156465);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2022:0007\");\n\n script_name(english:\"RHEL 8 : idm:DL1 (RHSA-2022:0007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0007 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2019732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-epn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipatests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'idm:DL1': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-selinux-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipatests-4.9.2-6.module+el8.4.0+13654+33612214', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-2.1.module+el8.4.0+12579+0538eac8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/idm');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\nif ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / ipa-client-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:11", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : idm:DL1 (ELSA-2021-5142)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bind-dyndb-ldap", "p-cpe:/a:oracle:linux:custodia", "p-cpe:/a:oracle:linux:ipa-client", "p-cpe:/a:oracle:linux:ipa-client-common", "p-cpe:/a:oracle:linux:ipa-client-epn", "p-cpe:/a:oracle:linux:ipa-client-samba", "p-cpe:/a:oracle:linux:ipa-common", "p-cpe:/a:oracle:linux:ipa-healthcheck", "p-cpe:/a:oracle:linux:ipa-healthcheck-core", "p-cpe:/a:oracle:linux:ipa-python-compat", "p-cpe:/a:oracle:linux:ipa-selinux", "p-cpe:/a:oracle:linux:ipa-server", "p-cpe:/a:oracle:linux:ipa-server-common", "p-cpe:/a:oracle:linux:ipa-server-dns", "p-cpe:/a:oracle:linux:ipa-server-trust-ad", "p-cpe:/a:oracle:linux:opendnssec", "p-cpe:/a:oracle:linux:python3-custodia", "p-cpe:/a:oracle:linux:python3-ipaclient", "p-cpe:/a:oracle:linux:python3-ipalib", "p-cpe:/a:oracle:linux:python3-ipaserver", "p-cpe:/a:oracle:linux:python3-ipatests", "p-cpe:/a:oracle:linux:python3-jwcrypto", "p-cpe:/a:oracle:linux:python3-kdcproxy", "p-cpe:/a:oracle:linux:python3-pyusb", "p-cpe:/a:oracle:linux:python3-qrcode", "p-cpe:/a:oracle:linux:python3-qrcode-core", "p-cpe:/a:oracle:linux:python3-yubico", "p-cpe:/a:oracle:linux:slapi-nis", "p-cpe:/a:oracle:linux:softhsm", "p-cpe:/a:oracle:linux:softhsm-devel"], "id": "ORACLELINUX_ELSA-2021-5142.NASL", "href": "https://www.tenable.com/plugins/nessus/156120", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-5142.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/01\");\n\n script_cve_id(\"CVE-2020-25719\");\n\n script_name(english:\"Oracle Linux 8 : idm:DL1 (ELSA-2021-5142)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-5142 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-5142.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client-epn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-client-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-ipatests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:softhsm-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/idm');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\nif ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);\n\nvar appstreams = {\n 'idm:DL1': [\n {'reference':'bind-dyndb-ldap-11.6-2.module+el8.4.0+20088+3d202164', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bind-dyndb-ldap-11.6-2.module+el8.4.0+20088+3d202164', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-epn-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.7-6.module+el8.5.0+20379+1b4496cf', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.7-6.module+el8.5.0+20379+1b4496cf', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-selinux-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module+el8.4.0+20088+3d202164', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-2.1.7-1.module+el8.4.0+20088+3d202164', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipatests-4.9.6-10.0.1.module+el8.5.0+20451+6c55862e', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module+el8.3.0+7868+2151076c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module+el8.5.0+20418+88e16a2c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.6-4.module+el8.5.0+20418+88e16a2c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module+el8.4.0+20161+5ecb5b37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.6.0-5.module+el8.4.0+20161+5ecb5b37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+20161+5ecb5b37', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+20161+5ecb5b37', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:18", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-21T00:00:00", "type": "nessus", "title": "CentOS 7 : ipa (CESA-2021:5195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ipa-client", "p-cpe:/a:centos:centos:ipa-client-common", "p-cpe:/a:centos:centos:ipa-common", "p-cpe:/a:centos:centos:ipa-python-compat", "p-cpe:/a:centos:centos:ipa-server", "p-cpe:/a:centos:centos:ipa-server-common", "p-cpe:/a:centos:centos:ipa-server-dns", "p-cpe:/a:centos:centos:ipa-server-trust-ad", "p-cpe:/a:centos:centos:python2-ipaclient", "p-cpe:/a:centos:centos:python2-ipalib", "p-cpe:/a:centos:centos:python2-ipaserver", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-5195.NASL", "href": "https://www.tenable.com/plugins/nessus/156242", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:5195 and\n# CentOS Errata and Security Advisory 2021:5195 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156242);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/01\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2021:5195\");\n\n script_name(english:\"CentOS 7 : ipa (CESA-2021:5195)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:5195 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-December/060977.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1b0a255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/287.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python2-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python2-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python2-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'ipa-client-4.6.8-5.el7.centos.10', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.6.8-5.el7.centos.10', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.6.8-5.el7.centos.10', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaclient-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipalib-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-ipaserver-4.6.8-5.el7.centos.10', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ipa-client / ipa-client-common / ipa-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:57:29", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0076 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-12T00:00:00", "type": "nessus", "title": "RHEL 8 : idm:DL1 (RHSA-2022:0076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25719"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap", "p-cpe:/a:redhat:enterprise_linux:custodia", "p-cpe:/a:redhat:enterprise_linux:ipa-client", "p-cpe:/a:redhat:enterprise_linux:ipa-client-common", "p-cpe:/a:redhat:enterprise_linux:ipa-client-samba", "p-cpe:/a:redhat:enterprise_linux:ipa-common", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck", "p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core", "p-cpe:/a:redhat:enterprise_linux:ipa-idoverride-memberof-plugin", "p-cpe:/a:redhat:enterprise_linux:ipa-python-compat", "p-cpe:/a:redhat:enterprise_linux:ipa-server", "p-cpe:/a:redhat:enterprise_linux:ipa-server-common", "p-cpe:/a:redhat:enterprise_linux:ipa-server-dns", "p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad", "p-cpe:/a:redhat:enterprise_linux:opendnssec", "p-cpe:/a:redhat:enterprise_linux:python3-custodia", "p-cpe:/a:redhat:enterprise_linux:python3-ipaclient", "p-cpe:/a:redhat:enterprise_linux:python3-ipalib", "p-cpe:/a:redhat:enterprise_linux:python3-ipaserver", "p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto", "p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy", "p-cpe:/a:redhat:enterprise_linux:python3-pyusb", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode", "p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core", "p-cpe:/a:redhat:enterprise_linux:python3-yubico", "p-cpe:/a:redhat:enterprise_linux:slapi-nis", "p-cpe:/a:redhat:enterprise_linux:softhsm", "p-cpe:/a:redhat:enterprise_linux:softhsm-devel"], "id": "REDHAT-RHSA-2022-0076.NASL", "href": "https://www.tenable.com/plugins/nessus/156660", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0076. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156660);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2020-25719\");\n script_xref(name:\"RHSA\", value:\"2022:0076\");\n\n script_name(english:\"RHEL 8 : idm:DL1 (RHSA-2022:0076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0076 advisory.\n\n - samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2019732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-client-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-idoverride-memberof-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-python-compat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:opendnssec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-custodia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipalib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ipaserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyusb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-yubico\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:slapi-nis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:softhsm-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'idm:DL1': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bind-dyndb-ldap-11.2-3.module+el8.2.0+4921+923e30d5', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-common-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-client-samba-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-common-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-healthcheck-core-0.4-4.module+el8.2.0+5489+95477d9f', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-python-compat-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-common-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-dns-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ipa-server-trust-ad-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaclient-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipalib-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipaserver-4.8.4-12.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slapi-nis-0.56.3-3.module+el8.2.0+13684+242c9723', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-2.4.0-4.module+el8.2.0+5779+a38c524f', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'softhsm-devel-2.4.0-4.module+el8.2.0+5779+a38c524f', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/idm');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\nif ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / ipa-client-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:38:32", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/158522", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158522);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1311)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a7a21cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h17.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h17.eulerosv2r9\",\n \"samba-4.11.6-6.h17.eulerosv2r9\",\n \"samba-client-4.11.6-6.h17.eulerosv2r9\",\n \"samba-common-4.11.6-6.h17.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h17.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h17.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:38:32", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1295.NASL", "href": "https://www.tenable.com/plugins/nessus/158550", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158550);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1295)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1295\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b687d83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h17.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h17.eulerosv2r9\",\n \"samba-4.11.6-6.h17.eulerosv2r9\",\n \"samba-client-4.11.6-6.h17.eulerosv2r9\",\n \"samba-common-4.11.6-6.h17.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h17.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h17.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h17.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:38:42", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5003 advisory.\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.", "cvss3": {}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "Debian DSA-5003-1 : samba - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ctdb", "p-cpe:/a:debian:debian_linux:libnss-winbind", "p-cpe:/a:debian:debian_linux:libpam-winbind", "p-cpe:/a:debian:debian_linux:libsmbclient", "p-cpe:/a:debian:debian_linux:libsmbclient-dev", "p-cpe:/a:debian:debian_linux:libwbclient-dev", "p-cpe:/a:debian:debian_linux:libwbclient0", "p-cpe:/a:debian:debian_linux:python3-samba", "p-cpe:/a:debian:debian_linux:registry-tools", "p-cpe:/a:debian:debian_linux:samba", "p-cpe:/a:debian:debian_linux:samba-common", "p-cpe:/a:debian:debian_linux:samba-common-bin", "p-cpe:/a:debian:debian_linux:samba-dev", "p-cpe:/a:debian:debian_linux:samba-dsdb-modules", "p-cpe:/a:debian:debian_linux:samba-libs", "p-cpe:/a:debian:debian_linux:samba-testsuite", "p-cpe:/a:debian:debian_linux:samba-vfs-modules", "p-cpe:/a:debian:debian_linux:smbclient", "p-cpe:/a:debian:debian_linux:winbind", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5003.NASL", "href": "https://www.tenable.com/plugins/nessus/155015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5003. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155015);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-23192\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"Debian DSA-5003-1 : samba - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5003 advisory.\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self- reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/samba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-2124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-23192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/samba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the samba packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'ctdb', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libnss-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libpam-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libsmbclient', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libsmbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libwbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libwbclient0', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'python3-samba', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'registry-tools', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-common', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-common-bin', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-dev', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-dsdb-modules', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-libs', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-testsuite', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'samba-vfs-modules', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'smbclient', 'reference': '2:4.13.13+dfsg-1~deb11u2'},\n {'release': '11.0', 'prefix': 'winbind', 'reference': '2:4.13.13+dfsg-1~deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libsmbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:40:10", "description": "The version of Samba running on the remote host is 4.13.x prior to 4.13.14, 4.14.x prior to 4.14.10, or 4.15.x prior to 4.15.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the vendor advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-19T00:00:00", "type": "nessus", "title": "Samba 4.13.x < 4.13.14 / 4.14.x < 4.14.10 / 4.15.x < 4.15.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2022-11-28T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_4_15_2.NASL", "href": "https://www.tenable.com/plugins/nessus/155620", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155620);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-23192\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"Samba 4.13.x < 4.13.14 / 4.14.x < 4.14.10 / 4.15.x < 4.15.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is potentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is 4.13.x prior to 4.13.14, 4.14.x prior to 4.14.10, or 4.15.x prior to\n4.15.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the vendor advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2016-2124.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-25717.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-25718.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-25719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-25721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2020-25722.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-3738.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-23192.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.13.14 / 4.14.10 / 4.15.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::samba::get_app_info();\n\nif (report_paranoia < 2) \n audit(AUDIT_PARANOID);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n {'min_version':'4.13.0', 'fixed_version':'4.13.14'},\n {'min_version':'4.14.0', 'fixed_version':'4.14.10'},\n {'min_version':'4.15.0', 'fixed_version':'4.15.2'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:54:56", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-1387)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-1387.NASL", "href": "https://www.tenable.com/plugins/nessus/159873", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159873);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3671\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-1387)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ\n (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1387\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?246d6a5e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.12-3.h9.eulerosv2r10\",\n \"libwbclient-4.11.12-3.h9.eulerosv2r10\",\n \"samba-4.11.12-3.h9.eulerosv2r10\",\n \"samba-client-4.11.12-3.h9.eulerosv2r10\",\n \"samba-common-4.11.12-3.h9.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h9.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h9.eulerosv2r10\",\n \"samba-winbind-4.11.12-3.h9.eulerosv2r10\",\n \"samba-winbind-clients-4.11.12-3.h9.eulerosv2r10\",\n \"samba-winbind-modules-4.11.12-3.h9.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:39:32", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3647-1 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba and ldb (SUSE-SU-2021:3647-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ctdb", "p-cpe:/a:novell:suse_linux:ldb-tools", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit", "p-cpe:/a:novell:suse_linux:libdcerpc-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel", "p-cpe:/a:novell:suse_linux:libdcerpc-samr0", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit", "p-cpe:/a:novell:suse_linux:libldb-devel", "p-cpe:/a:novell:suse_linux:libldb2", "p-cpe:/a:novell:suse_linux:libldb2-32bit", "p-cpe:/a:novell:suse_linux:libndr-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit", "p-cpe:/a:novell:suse_linux:libndr-nbt-devel", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit", "p-cpe:/a:novell:suse_linux:libndr-standard-devel", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit", "p-cpe:/a:novell:suse_linux:libndr1", "p-cpe:/a:novell:suse_linux:libndr1-32bit", "p-cpe:/a:novell:suse_linux:libnetapi-devel", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-credentials-devel", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-errors-devel", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-passdb-devel", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsamba-util-devel", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit", "p-cpe:/a:novell:suse_linux:libsamdb-devel", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit", "p-cpe:/a:novell:suse_linux:libsmbclient-devel", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbconf-devel", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit", "p-cpe:/a:novell:suse_linux:libsmbldap-devel", "p-cpe:/a:novell:suse_linux:libsmbldap2", "p-cpe:/a:novell:suse_linux:libsmbldap2-32bit", "p-cpe:/a:novell:suse_linux:libtevent-util-devel", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit", "p-cpe:/a:novell:suse_linux:libwbclient-devel", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:python3-ldb", "p-cpe:/a:novell:suse_linux:python3-ldb-devel", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ceph", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-core-devel", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-gpupdate", "p-cpe:/a:novell:suse_linux:samba-ldb-ldap", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3647-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155048", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3647-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155048);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-23192\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3647-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba and ldb (SUSE-SU-2021:3647-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3647-1 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large\n DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data,\n bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1014440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-2124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3738\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009716.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?96cd5fc0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'ctdb-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ldb-tools-2.2.2-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'ldb-tools-2.2.2-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb-devel-2.2.2-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb-devel-2.2.2-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-2.2.2-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-2.2.2-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-32bit-2.2.2-3.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libldb2-32bit-2.2.2-3.3.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr1-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libndr1-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-2.2.2-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-2.2.2-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-devel-2.2.2-3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'python3-ldb-devel-2.2.2-3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-client-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-python2-release-15.3']},\n {'reference':'samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-python2-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ldb-tools / libdcerpc-binding0 / libdcerpc-binding0-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-25T14:50:26", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1258.NASL", "href": "https://www.tenable.com/plugins/nessus/158375", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158375);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3671\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ\n (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1258\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80759687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.12-3.h8.eulerosv2r10\",\n \"libwbclient-4.11.12-3.h8.eulerosv2r10\",\n \"samba-4.11.12-3.h8.eulerosv2r10\",\n \"samba-client-4.11.12-3.h8.eulerosv2r10\",\n \"samba-common-4.11.12-3.h8.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h8.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-clients-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-modules-4.11.12-3.h8.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:40:10", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3647-1 advisory.\n\n - An attacker can downgrade a negotiated SMB1 client connection and its capabitilities. Kerberos authentication is only possible with the SMB2/3 protocol or SMB1 using the NT1 dialect and the extended security (spnego) capability. Without mandatory SMB signing the protocol can be downgraded to an older insecure dialect like CORE, COREPLUS/CORE+, LANMAN1 or LANMAN2. Even if SMB signing is required it's still possible to downgrade to the NT1 dialect if extended security (spnego) is not negotiated. The attacker is able to get the plaintext password sent over the wire even if Kerberos authentication was required. The problem is only possible if all of the following options are explicitly set together: client NTLMv2 auth = no client lanman auth = yes client plaintext auth = yes client min protocol = NT1 # or lower In currently supported Samba versions all of the above options have different default values, so the problem is very unlikely to happen. Samba 4.5 and older had an additional problem, even in the default configuration, as they send ntlmv2, ntlm or lanman responses. Which means the attacker might be able to do offline attacks in order to recover the plaintext password, lmhash or nthash values. Requiring Kerberos authentication for SMB1/2/3 connections can be controlled by the '-k'/'--kerberos' or '-k yes'/'--kerberos=yes' command line options of various tools like: smbclient, smbcquotas, smbcacls, net, rpcclient, samba-tool and others.\n Note that 4.15 deprecated '-k/--kerberos*' and introduced '--use-kerberos=required' command line option as well as the smb.conf option client use kerberos = required. For libsmbclient based applications the usage of Kerberos is controlled by the following function calls: smbc_setOptionUseKerberos(), smbc_setOptionFallbackAfterKerberos() and smbc_setOptionNoAutoAnonymousLogin(). (CVE-2016-2124)\n\n - Windows Active Directory (AD) domains have by default a feature to allow users to create computer accounts, controlled by ms-DS-MachineAccountQuota. In addition some (presumably trusted) users have the right to create new users or computers in both Samba and Windows Active Directory Domains. These features can be quite dangerous in the wrong hands, as the user who creates such accounts has broad privileges to not just create them and set their passwords, but to rename them at a later time with the only contraint being they may not match an existing samAccountName in AD. When Samba as an AD Domain member accepts a Kerberos ticket, it must map the information found therein to a local UNIX user-id (uid). This is currently done via the account name in the Active Directory generated Kerberos Privileged Attribute Certificate (PAC), or the account name in the ticket (if there is no PAC). For example, Samba will attempt to find a user DOMAIN\\user before falling back to trying to find the user user. If the DOMAIN\\user lookup can be made to fail, then a privilege escalation is possible. The easiest example to illustrate this is if an attacker creates an account named root (by renaming a MachineAccountQuota based machine account), and asks for a login without a Kerberos PAC. Between obtaining the ticket and presenting it to a server, the attacker renames the user account to a different name. Samba attempts to look up DOMAIN\\root, which fails (as this no longer exists) and then falls back to looking up user root, which will map to the privileged UNIX uid of 0. This patch changes Samba to require a PAC (in all scenarios related to active directory domains) and use the SID and account name values of the PAC, which means the combination represents the same point in time. The processing is now similar to as with NTLM based logins.\n The SID is unique and non-repeating and so can't be confused with another user. Additionally, a new parameter has been added min domain uid (default 1000), and no matter how we obtain the UNIX uid to use in the process token (we may eventually read /etc/passwd or similar), by default no UNIX uid below this value will be accepted. The patch also removes the fallback from 'DOMAIN\\user' to just 'user', as it dangerous and not needed when nss_winbind is used (even when 'winbind use default domain = yes' is set).\n However there are setups which are joined to an active directory domain just for authentication, but the authorization is handled without nss_winbind by mapping the domain account to a local user provided by nss_file, nss_ldap or something similar. NOTE: These setups won't work anymore without explicitly mapping the users! For these setups administrators need to use the 'username map' or 'username map script' option in order to map domain users explicitly to local users, e.g. user = DOMAIN\\user Please consult 'man 5 smb.conf' for further details on 'username map' or 'username map script'. Also note that in the above example '\\' refers to the default value of the 'winbind separator' option. (CVE-2020-25717)\n\n - Samba as an Active Directory Domain Controller is able to support an RODC, which is meant to have minimal privileges in a domain. However, in accepting a ticket from a Samba or Windows RODC, Samba was not confirming that the RODC is authorized to print such a ticket, via the msDS-NeverRevealGroup and msDS- RevealOnDemandGroup (typically Allowed RODC Replication Group and Denied RODC Replciation Group). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - Samba as an Active Directory Domain Controller is based on Kerberos, which provides name-based authentication. These names are often then used for authorization. However Microsoft Windows and Active Direcory is SID-based. SIDs in Windows, similar to UIDs in Linux/Unix (if managed well) are globally unique and survive name changes. At the meeting of these two authorization schemes it is possible to confuse a server into acting as one user when holding a ticket for another. A Kerberos ticket, once issued, may be valid for some time, often 10 hours but potentially longer. In Active Directory, it may or may not carry a PAC, holding the user's SIDs. A simple example of the problem is on Samba's LDAP server, which would, unless gensec:require_pac = true was set, permit a fall back to using the name in the Kerberos ticket alone. (All Samba AD services fall to the same issue in one way or another, LDAP is just a good example). Delegated administrators with the right to create other user or machine accounts can abuse the race between the time of ticket issue and the time of presentation (back to the AD DC) to impersonate a different account, including a highly privileged account. This could allow total domain compromise.\n (CVE-2020-25719)\n\n - In order to avoid issues like CVE-2020-25717 AD Kerberos accepting services need access to unique, and ideally long-term stable identifiers of a user to perform authorization. The AD PAC provides this, but the most useful information is kept in a buffer which is NDR encoded, which means that so far in Free Software only Samba and applications which use Samba components under the hood like FreeIPA and SSSD decode PAC.\n Recognising that the issues seen in Samba are not unique, Samba now provides an extension to UPN_DNS_INFO, a component of the AD PAC, in a way that can be parsed using basic pointer handling. From this, future non-Samba based Kerberised applications can easily obtain the user's SID, in the same packing as objectSID in LDAP, confident that the ticket represents a specific user, not matter subsequent renames. This will allow such non-Samba applications to avoid confusing one Kerberos user for another, even if they have the same string name (due to the gap between time of ticket printing by the KDC and time of ticket acceptance). The protocol deployment weakness, as demonstrated with the CVE-2020-25717 in Samba when deployed in Active Directory, leaves most Linux and UNIX applications only to rely on the client name from the Kerberos ticket. When the client name as seen by the KDC is under an attacker control across multiple Kerberos requests, such applications need an additional information to correlate the client name across those requests. Directories where only full administrators can create users are not the concern, the concern is where that user/computer creation right is delegated in some way, explicitly or via ms-DS- MachineAccountQuota. (CVE-2020-25721)\n\n - Samba as an Active Directory Domain Controller has to take care to protect a number of sensitive attributes, and to follow a security model from Active Directory that relies totally on the intersection of NT security descriptors and the underlying X.500 Directory Access Protocol (as then expressed in LDAP) schema constraints for security. Some attributes in Samba AD are sensitive, they apply to one object but protect others. Users who can set msDS-AllowedToDelegateTo can become any user in the domain on the server pointed at by this list. Likewise in a domain mixed with Microsoft Windows, Samba's lack of protection of sidHistory would be a similar issue. This would be limited to users with the right to create users or modify them (typically those who created them), however, due to other flaws, all users are able to create new user objects. Finally, Samba did not enforce userPrincipalName and servicePrincipalName uniqueness, nor did it correctly implement the validated SPN feature allowing machine accounts to safely set their own SPN (the checks were easily bypassed and additionally should have been restricted to objectClass=computer). Samba has implemented this feature, which avoids a denial of service (UPNs) or service impersonation (SPNs) between users privileged to add users to the domian (but see the above point). This release adds a feature similar in goal but broader in implementation than that found in the Windows 2012 Forest Functional level. (CVE-2020-25722)\n\n - Samba implements DCE/RPC, and in most cases it is provided over and protected by the underlying SMB transport, with protections like 'SMB signing'. However there are other cases where large DCE/RPC request payloads are exchanged and fragmented into several pieces. If this happens over untrusted transports (e.g.\n directly over TCP/IP or anonymous SMB) clients will typically protect by an explicit authentication at the DCE/RPC layer, e.g. with GSSAPI/Kerberos/NTLMSSP or Netlogon Secure Channel. Because the checks on the fragment protection were not done between the policy controls on the header and the subsequent fragments, an attacker could replace subsequent fragments in requests with their own data, which might be able to alter the server behaviour. DCE/RPC is a core component of all Samba servers, but we are most concerned about Samba as a Domain Controller, given the role as a centrally trusted service. As active directory domain controller this issue affects Samba versions greater or equal to 4.10.0. As NT4 classic domain controller, domain member or standalone server this issue affects Samba versions greater or equal to 4.13.0. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : samba and ldb (openSUSE-SU-2021:3647-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:ldb-tools", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-64bit", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-64bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-64bit", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb2", "p-cpe:/a:novell:opensuse:libldb2-32bit", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-64bit", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-64bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-64bit", "p-cpe:/a:novell:opensuse:libndr1", "p-cpe:/a:novell:opensuse:libndr1-32bit", "p-cpe:/a:novell:opensuse:libndr1-64bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi-devel-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel-64bit", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-64bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-64bit", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-64bit", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-64bit", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-64bit", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-64bit", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-64bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-64bit", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-64bit", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsmbldap2", "p-cpe:/a:novell:opensuse:libsmbldap2-32bit", "p-cpe:/a:novell:opensuse:libsmbldap2-64bit", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-64bit", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libwbclient0-64bit", "p-cpe:/a:novell:opensuse:python3-ldb", "p-cpe:/a:novell:opensuse:python3-ldb-32bit", "p-cpe:/a:novell:opensuse:python3-ldb-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-32bit", "p-cpe:/a:novell:opensuse:samba-ad-dc-64bit", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-64bit", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-gpupdate", "p-cpe:/a:novell:opensuse:samba-ldb-ldap", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-64bit", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-64bit", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-64bit", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3647.NASL", "href": "https://www.tenable.com/plugins/nessus/155177", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3647-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155177);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-23192\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"openSUSE 15 Security Update : samba and ldb (openSUSE-SU-2021:3647-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3647-1 advisory.\n\n - An attacker can downgrade a negotiated SMB1 client connection and its capabitilities. Kerberos\n authentication is only possible with the SMB2/3 protocol or SMB1 using the NT1 dialect and the extended\n security (spnego) capability. Without mandatory SMB signing the protocol can be downgraded to an older\n insecure dialect like CORE, COREPLUS/CORE+, LANMAN1 or LANMAN2. Even if SMB signing is required it's still\n possible to downgrade to the NT1 dialect if extended security (spnego) is not negotiated. The attacker is\n able to get the plaintext password sent over the wire even if Kerberos authentication was required. The\n problem is only possible if all of the following options are explicitly set together: client NTLMv2 auth =\n no client lanman auth = yes client plaintext auth = yes client min protocol = NT1 # or lower In currently\n supported Samba versions all of the above options have different default values, so the problem is very\n unlikely to happen. Samba 4.5 and older had an additional problem, even in the default configuration, as\n they send ntlmv2, ntlm or lanman responses. Which means the attacker might be able to do offline attacks\n in order to recover the plaintext password, lmhash or nthash values. Requiring Kerberos authentication for\n SMB1/2/3 connections can be controlled by the '-k'/'--kerberos' or '-k yes'/'--kerberos=yes' command line\n options of various tools like: smbclient, smbcquotas, smbcacls, net, rpcclient, samba-tool and others.\n Note that 4.15 deprecated '-k/--kerberos*' and introduced '--use-kerberos=required' command line option as\n well as the smb.conf option client use kerberos = required. For libsmbclient based applications the\n usage of Kerberos is controlled by the following function calls: smbc_setOptionUseKerberos(),\n smbc_setOptionFallbackAfterKerberos() and smbc_setOptionNoAutoAnonymousLogin(). (CVE-2016-2124)\n\n - Windows Active Directory (AD) domains have by default a feature to allow users to create computer\n accounts, controlled by ms-DS-MachineAccountQuota. In addition some (presumably trusted) users have the\n right to create new users or computers in both Samba and Windows Active Directory Domains. These features\n can be quite dangerous in the wrong hands, as the user who creates such accounts has broad privileges to\n not just create them and set their passwords, but to rename them at a later time with the only contraint\n being they may not match an existing samAccountName in AD. When Samba as an AD Domain member accepts a\n Kerberos ticket, it must map the information found therein to a local UNIX user-id (uid). This is\n currently done via the account name in the Active Directory generated Kerberos Privileged Attribute\n Certificate (PAC), or the account name in the ticket (if there is no PAC). For example, Samba will attempt\n to find a user DOMAIN\\user before falling back to trying to find the user user. If the DOMAIN\\user\n lookup can be made to fail, then a privilege escalation is possible. The easiest example to illustrate\n this is if an attacker creates an account named root (by renaming a MachineAccountQuota based machine\n account), and asks for a login without a Kerberos PAC. Between obtaining the ticket and presenting it to a\n server, the attacker renames the user account to a different name. Samba attempts to look up\n DOMAIN\\root, which fails (as this no longer exists) and then falls back to looking up user root, which\n will map to the privileged UNIX uid of 0. This patch changes Samba to require a PAC (in all scenarios\n related to active directory domains) and use the SID and account name values of the PAC, which means the\n combination represents the same point in time. The processing is now similar to as with NTLM based logins.\n The SID is unique and non-repeating and so can't be confused with another user. Additionally, a new\n parameter has been added min domain uid (default 1000), and no matter how we obtain the UNIX uid to use\n in the process token (we may eventually read /etc/passwd or similar), by default no UNIX uid below this\n value will be accepted. The patch also removes the fallback from 'DOMAIN\\user' to just 'user', as it\n dangerous and not needed when nss_winbind is used (even when 'winbind use default domain = yes' is set).\n However there are setups which are joined to an active directory domain just for authentication, but the\n authorization is handled without nss_winbind by mapping the domain account to a local user provided by\n nss_file, nss_ldap or something similar. NOTE: These setups won't work anymore without explicitly mapping\n the users! For these setups administrators need to use the 'username map' or 'username map script' option\n in order to map domain users explicitly to local users, e.g. user = DOMAIN\\user Please consult 'man 5\n smb.conf' for further details on 'username map' or 'username map script'. Also note that in the above\n example '\\' refers to the default value of the 'winbind separator' option. (CVE-2020-25717)\n\n - Samba as an Active Directory Domain Controller is able to support an RODC, which is meant to have minimal\n privileges in a domain. However, in accepting a ticket from a Samba or Windows RODC, Samba was not\n confirming that the RODC is authorized to print such a ticket, via the msDS-NeverRevealGroup and msDS-\n RevealOnDemandGroup (typically Allowed RODC Replication Group and Denied RODC Replciation Group). This\n would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - Samba as an Active Directory Domain Controller is based on Kerberos, which provides name-based\n authentication. These names are often then used for authorization. However Microsoft Windows and Active\n Direcory is SID-based. SIDs in Windows, similar to UIDs in Linux/Unix (if managed well) are globally\n unique and survive name changes. At the meeting of these two authorization schemes it is possible to\n confuse a server into acting as one user when holding a ticket for another. A Kerberos ticket, once\n issued, may be valid for some time, often 10 hours but potentially longer. In Active Directory, it may or\n may not carry a PAC, holding the user's SIDs. A simple example of the problem is on Samba's LDAP server,\n which would, unless gensec:require_pac = true was set, permit a fall back to using the name in the\n Kerberos ticket alone. (All Samba AD services fall to the same issue in one way or another, LDAP is just a\n good example). Delegated administrators with the right to create other user or machine accounts can abuse\n the race between the time of ticket issue and the time of presentation (back to the AD DC) to impersonate\n a different account, including a highly privileged account. This could allow total domain compromise.\n (CVE-2020-25719)\n\n - In order to avoid issues like CVE-2020-25717 AD Kerberos accepting services need access to unique, and\n ideally long-term stable identifiers of a user to perform authorization. The AD PAC provides this, but the\n most useful information is kept in a buffer which is NDR encoded, which means that so far in Free Software\n only Samba and applications which use Samba components under the hood like FreeIPA and SSSD decode PAC.\n Recognising that the issues seen in Samba are not unique, Samba now provides an extension to UPN_DNS_INFO,\n a component of the AD PAC, in a way that can be parsed using basic pointer handling. From this, future\n non-Samba based Kerberised applications can easily obtain the user's SID, in the same packing as objectSID\n in LDAP, confident that the ticket represents a specific user, not matter subsequent renames. This will\n allow such non-Samba applications to avoid confusing one Kerberos user for another, even if they have the\n same string name (due to the gap between time of ticket printing by the KDC and time of ticket\n acceptance). The protocol deployment weakness, as demonstrated with the CVE-2020-25717 in Samba when\n deployed in Active Directory, leaves most Linux and UNIX applications only to rely on the client name\n from the Kerberos ticket. When the client name as seen by the KDC is under an attacker control across\n multiple Kerberos requests, such applications need an additional information to correlate the client name\n across those requests. Directories where only full administrators can create users are not the concern,\n the concern is where that user/computer creation right is delegated in some way, explicitly or via ms-DS-\n MachineAccountQuota. (CVE-2020-25721)\n\n - Samba as an Active Directory Domain Controller has to take care to protect a number of sensitive\n attributes, and to follow a security model from Active Directory that relies totally on the intersection\n of NT security descriptors and the underlying X.500 Directory Access Protocol (as then expressed in LDAP)\n schema constraints for security. Some attributes in Samba AD are sensitive, they apply to one object but\n protect others. Users who can set msDS-AllowedToDelegateTo can become any user in the domain on the server\n pointed at by this list. Likewise in a domain mixed with Microsoft Windows, Samba's lack of protection of\n sidHistory would be a similar issue. This would be limited to users with the right to create users or\n modify them (typically those who created them), however, due to other flaws, all users are able to create\n new user objects. Finally, Samba did not enforce userPrincipalName and servicePrincipalName uniqueness,\n nor did it correctly implement the validated SPN feature allowing machine accounts to safely set their\n own SPN (the checks were easily bypassed and additionally should have been restricted to\n objectClass=computer). Samba has implemented this feature, which avoids a denial of service (UPNs) or\n service impersonation (SPNs) between users privileged to add users to the domian (but see the above\n point). This release adds a feature similar in goal but broader in implementation than that found in the\n Windows 2012 Forest Functional level. (CVE-2020-25722)\n\n - Samba implements DCE/RPC, and in most cases it is provided over and protected by the underlying SMB\n transport, with protections like 'SMB signing'. However there are other cases where large DCE/RPC request\n payloads are exchanged and fragmented into several pieces. If this happens over untrusted transports (e.g.\n directly over TCP/IP or anonymous SMB) clients will typically protect by an explicit authentication at the\n DCE/RPC layer, e.g. with GSSAPI/Kerberos/NTLMSSP or Netlogon Secure Channel. Because the checks on the\n fragment protection were not done between the policy controls on the header and the subsequent fragments,\n an attacker could replace subsequent fragments in requests with their own data, which might be able to\n alter the server behaviour. DCE/RPC is a core component of all Samba servers, but we are most concerned\n about Samba as a Domain Controller, given the role as a centrally trusted service. As active directory\n domain controller this issue affects Samba versions greater or equal to 4.10.0. As NT4 classic domain\n controller, domain member or standalone server this issue affects Samba versions greater or equal to\n 4.13.0. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1014440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192214\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192215\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192246\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192505\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36K5HNX67LYX5XOVQRL3MSIC5YSJ5M5W/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ab8e9a2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-2124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-23192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3738\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr1-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap2-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-pcp-pmda-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ldb-tools-2.2.2-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-binding0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-samr0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc-samr0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libdcerpc0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb-devel-2.2.2-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-2.2.2-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-32bit-2.2.2-3.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-krb5pac0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-nbt0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr-standard0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr1-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libndr1-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi-devel-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi-devel-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnetapi0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-credentials0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-errors0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-hostconfig0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-passdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbconf0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbldap2-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-2.2.2-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-32bit-2.2.2-3.3.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-devel-2.2.2-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python3-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-64bit-4.13.13+git.528.140935f8d6a-3.12.1', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-pcp-pmda / ctdb-tests / ldb-tools / libdcerpc-binding0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:44:18", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-1413.NASL", "href": "https://www.tenable.com/plugins/nessus/159868", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159868);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3671\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ\n (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1413\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?518bc7dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"samba-client-4.11.12-3.h9.eulerosv2r10\",\n \"samba-common-4.11.12-3.h9.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h9.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h9.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:33:59", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1246)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1246.NASL", "href": "https://www.tenable.com/plugins/nessus/158380", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158380);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3671\",\n \"CVE-2021-3738\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1246)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ\n (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.\n (CVE-2021-3671)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1246\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?216ebe3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.12-3.h8.eulerosv2r10\",\n \"libwbclient-4.11.12-3.h8.eulerosv2r10\",\n \"samba-4.11.12-3.h8.eulerosv2r10\",\n \"samba-client-4.11.12-3.h8.eulerosv2r10\",\n \"samba-common-4.11.12-3.h8.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h8.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-clients-4.11.12-3.h8.eulerosv2r10\",\n \"samba-winbind-modules-4.11.12-3.h8.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T16:13:55", "description": "The remote Ubuntu 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5142-1 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.04 / 21.10 : Samba vulnerabilities (USN-5142-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python3-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-5142-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155297", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5142-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155297);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3671\",\n \"CVE-2021-3738\",\n \"CVE-2021-23192\"\n );\n script_xref(name:\"USN\", value:\"5142-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.04 / 21.10 : Samba vulnerabilities (USN-5142-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5142-1 advisory.\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5142-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25719\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3738\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! preg(pattern:\"^(20\\.04|21\\.04|21\\.10)$\", string:os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'ctdb', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-common', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'smbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '20.04', 'pkgname': 'winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.20.04.1'},\n {'osver': '21.04', 'pkgname': 'ctdb', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-common', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'smbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.04', 'pkgname': 'winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.10', 'pkgname': 'ctdb', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libsmbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwbclient0', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'python3-samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'registry-tools', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-common', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-dev', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-libs', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'smbclient', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'winbind', 'pkgver': '2:4.13.14+dfsg-0ubuntu0.21.10.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libsmbclient / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T13:30:06", "description": "The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-224 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : samba (ALAS2022-2022-224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-20316", "CVE-2021-23192", "CVE-2021-3738", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-debuginfo", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:python3-samba", "p-cpe:/a:amazon:linux:python3-samba-dc", "p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-devel", "p-cpe:/a:amazon:linux:python3-samba-test", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-debuginfo", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-client-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-common-tools-debuginfo", "p-cpe:/a:amazon:linux:samba-dc", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-libs", "p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-provision", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-debugsource", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-debuginfo", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-test-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-vfs-iouring", "p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-modules", "p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-224.NASL", "href": "https://www.tenable.com/plugins/nessus/168583", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-224.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168583);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-20316\",\n \"CVE-2021-23192\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Amazon Linux 2022 : samba (ALAS2022-2022-224)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2022-2022-224 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated\n attacker with permissions to read or modify share metadata, to perform this operation outside of the\n share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large\n DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data,\n bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-224.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2016-2124.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25717.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25718.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25722.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-20316.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-23192.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3738.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44141.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44142.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0336.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-provision\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-provision-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / libsmbclient / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-23T05:43:23", "description": "The remote host is affected by the vulnerability described in GLSA-202309-06 (Samba: Multiple Vulnerabilities)\n\n - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - MaxQueryDuration not honoured in Samba AD DC LDAP (CVE-2021-3670)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\n - A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. (CVE-2021-20251)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. (CVE-2021-23192)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\n - In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)\n\n - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.\n (CVE-2022-2031)\n\n - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)\n\n - A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.\n (CVE-2022-3592)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)\n\n - Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. (CVE-2022-32743)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\n - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)\n\n - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)\n\n - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.\n (CVE-2022-42898)\n\n - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts- hmac-sha1-96). (CVE-2022-45141)\n\n - A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. (CVE-2023-0225)\n\n - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. (CVE-2023-0614)\n\n - The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. (CVE-2023-0922)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-17T00:00:00", "type": "nessus", "title": "GLSA-202309-06 : Samba: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2001-1267", "CVE-2007-4559", "CVE-2016-2124", "CVE-2018-10919", "CVE-2020-17049", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-20251", "CVE-2021-20316", "CVE-2021-23192", "CVE-2021-3670", "CVE-2021-3738", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336", "CVE-2022-1615", "CVE-2022-2031", "CVE-2022-32742", "CVE-2022-32743", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746", "CVE-2022-3437", "CVE-2022-3592", "CVE-2022-37966", "CVE-2022-37967", "CVE-2022-38023", "CVE-2022-42898", "CVE-2022-45141", "CVE-2023-0225", "CVE-2023-0614", "CVE-2023-0922"], "modified": "2023-09-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:samba", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202309-06.NASL", "href": "https://www.tenable.com/plugins/nessus/181514", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202309-06.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181514);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/21\");\n\n script_cve_id(\n \"CVE-2007-4559\",\n \"CVE-2016-2124\",\n \"CVE-2020-17049\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3670\",\n \"CVE-2021-3738\",\n \"CVE-2021-20251\",\n \"CVE-2021-20316\",\n \"CVE-2021-23192\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\",\n \"CVE-2022-1615\",\n \"CVE-2022-2031\",\n \"CVE-2022-3437\",\n \"CVE-2022-3592\",\n \"CVE-2022-32742\",\n \"CVE-2022-32743\",\n \"CVE-2022-32744\",\n \"CVE-2022-32745\",\n \"CVE-2022-32746\",\n \"CVE-2022-37966\",\n \"CVE-2022-37967\",\n \"CVE-2022-38023\",\n \"CVE-2022-42898\",\n \"CVE-2022-45141\",\n \"CVE-2023-0225\",\n \"CVE-2023-0614\",\n \"CVE-2023-0922\"\n );\n\n script_name(english:\"GLSA-202309-06 : Samba: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202309-06 (Samba: Multiple Vulnerabilities)\n\n - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in\n Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in\n filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - MaxQueryDuration not honoured in Samba AD DC LDAP (CVE-2021-3670)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\n - A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute\n force attacks being successful if special conditions are met. (CVE-2021-20251)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated\n attacker with permissions to read or modify share metadata, to perform this operation outside of the\n share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large\n DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data,\n bypassing the signature requirements. (CVE-2021-23192)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\n - In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)\n\n - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a\n single account and set of keys, allowing them to decrypt each other's tickets. A user who has been\n requested to change their password, can exploit this flaw to obtain and use tickets to other services.\n (CVE-2022-2031)\n\n - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and\n unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI\n library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a\n maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the\n application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)\n\n - A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will\n make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported\n part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside\n the 'smbd' configured share path and gain access to another restricted server's filesystem.\n (CVE-2022-3592)\n\n - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client\n had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or\n printer) instead of client-supplied data. The client cannot control the area of the server memory written\n to the file (or printer). (CVE-2022-32742)\n\n - Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit\n unprivileged users to write it. (CVE-2022-32743)\n\n - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By\n encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling\n full domain takeover. (CVE-2022-32744)\n\n - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP\n add or modify the request, usually resulting in a segmentation fault. (CVE-2022-32745)\n\n - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP\n message values freed by a preceding database module, resulting in a use-after-free issue. This issue is\n only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)\n\n - Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)\n\n - Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)\n\n - Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)\n\n - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that\n may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit\n platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other\n platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.\n (CVE-2022-42898)\n\n - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov\n 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will\n issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-\n hmac-sha1-96). (CVE-2022-45141)\n\n - A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise\n unprivileged users to delete this attribute from any object in the directory. (CVE-2023-0225)\n\n - The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP\n filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a\n Samba AD DC. (CVE-2023-0614)\n\n - The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new\n or reset passwords over a signed-only connection. (CVE-2023-0922)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202309-06\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=820566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=821688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=830983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=832433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=861512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=869122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=878273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=880437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=886153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=903621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=905320\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=910334\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Samba users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=net-fs/samba-4.18.4\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-45141\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'net-fs/samba',\n 'unaffected' : make_list(\"ge 4.18.4\"),\n 'vulnerable' : make_list(\"lt 4.18.4\")\n }\n];\n\nforeach var package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Samba');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "almalinux": [{"lastseen": "2023-09-29T11:22:24", "description": "AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T07:39:49", "type": "almalinux", "title": "Moderate: idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-15T07:39:49", "id": "ALSA-2021:5142", "href": "https://errata.almalinux.org/8/ALSA-2021-5142.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-04T07:51:04", "type": "redhat", "title": "(RHSA-2022:0007) Moderate: idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-01-04T07:57:53", "id": "RHSA-2022:0007", "href": "https://access.redhat.com/errata/RHSA-2022:0007", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server (BZ#2025848)", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T16:34:20", "type": "redhat", "title": "(RHSA-2021:5195) Moderate: ipa security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-16T17:15:52", "id": "RHSA-2021:5195", "href": "https://access.redhat.com/errata/RHSA-2021:5195", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T09:08:54", "type": "redhat", "title": "(RHSA-2022:0076) Moderate: idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-01-11T15:45:15", "id": "RHSA-2022:0076", "href": "https://access.redhat.com/errata/RHSA-2022:0076", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T07:39:49", "type": "redhat", "title": "(RHSA-2021:5142) Moderate: idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-15T07:50:23", "id": "RHSA-2021:5142", "href": "https://access.redhat.com/errata/RHSA-2021:5142", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-09-26T06:40:01", "description": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T03:28:05", "type": "redhatcve", "title": "CVE-2020-25719", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2023-04-06T07:39:10", "id": "RH:CVE-2020-25719", "href": "https://access.redhat.com/security/cve/cve-2020-25719", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "rocky": [{"lastseen": "2023-09-26T03:29:44", "description": "An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nRocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. \n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-15T07:39:49", "type": "rocky", "title": "idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-15T07:39:49", "id": "RLSA-2021:5142", "href": "https://errata.rockylinux.org/RLSA-2021:5142", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-09-26T16:39:03", "description": "A flaw was found in the way Samba, as an Active Directory Domain\nController, implemented Kerberos name-based authentication. The Samba AD\nDC, could become confused about the user a ticket represents if it did not\nstrictly require a Kerberos PAC and always use the SIDs found within. The\nresult could include total domain compromise.\n\n#### Bugs\n\n * <https://bugzilla.samba.org/show_bug.cgi?id=14834>\n * <https://bugzilla.samba.org/show_bug.cgi?id=14725>\n * <https://bugzilla.samba.org/show_bug.cgi?id=14561>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Fixing this in Ubuntu 18.04 LTS would require substantial code backports. We will not be fixing this issue in Ubuntu 18.04 LTS. In environments where this is of concern, we recommend updating to a more recent Ubuntu version.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "ubuntucve", "title": "CVE-2020-25719", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-11-09T00:00:00", "id": "UB:CVE-2020-25719", "href": "https://ubuntu.com/security/CVE-2020-25719", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-10-21T20:47:03", "description": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-02-18T18:15:00", "type": "osv", "title": "CVE-2020-25719", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-10-21T20:46:56", "id": "OSV:CVE-2020-25719", "href": "https://osv.dev/vulnerability/CVE-2020-25719", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:42:05", "description": "\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix.\n\n\n* [CVE-2016-2124](https://security-tracker.debian.org/tracker/CVE-2016-2124)\nStefan Metzmacher reported that SMB1 client connections can be\n downgraded to plaintext authentication.\n* [CVE-2020-25717](https://security-tracker.debian.org/tracker/CVE-2020-25717)\nAndrew Bartlett reported that Samba may map domain users to local\n users in an undesired way, allowing for privilege escalation. The\n update introduces a new parameter min domain uid (default to 1000)\n to not accept a UNIX uid below this value.\n* [CVE-2020-25718](https://security-tracker.debian.org/tracker/CVE-2020-25718)\nAndrew Bartlett reported that Samba as AD DC, when joined by an\n RODC, did not confirm if the RODC was allowed to print a ticket for\n that user, allowing an RODC to print administrator tickets.\n* [CVE-2020-25719](https://security-tracker.debian.org/tracker/CVE-2020-25719)\nAndrew Bartlett reported that Samba as AD DC, did not always rely on\n the SID and PAC in Kerberos tickets and could be confused about the\n user a ticket represents. If a privileged account was attacked this\n could lead to total domain compromise.\n* [CVE-2020-25721](https://security-tracker.debian.org/tracker/CVE-2020-25721)\nAndrew Bartlett reported that Samba as a AD DC did not provide a way\n for Linux applications to obtain a reliable SID (and samAccountName)\n in issued tickets.\n* [CVE-2020-25722](https://security-tracker.debian.org/tracker/CVE-2020-25722)\nAndrew Bartlett reported that Samba as AD DC did not do sufficient\n access and conformance checking of data stored, potentially allowing\n total domain compromise.\n* [CVE-2021-3738](https://security-tracker.debian.org/tracker/CVE-2021-3738)\nWilliam Ross reported that the Samba AD DC RPC server can use memory\n that was free'd when a sub-connection is closed, resulting in denial\n of service, and potentially, escalation of privileges.\n* [CVE-2021-23192](https://security-tracker.debian.org/tracker/CVE-2021-23192)\nStefan Metzmacher reported that if a client to a Samba server sent a\n very large DCE/RPC request, and chose to fragment it, an attacker\n could replace later fragments with their own data, bypassing the\n signature requirements.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2:4.13.13+dfsg-1~deb11u2.\n\n\nWe recommend that you upgrade your samba packages.\n\n\nFor the detailed security status of samba please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/samba](https://security-tracker.debian.org/tracker/samba)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "osv", "title": "samba - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2023-06-28T06:41:57", "id": "OSV:DSA-5003-1", "href": "https://osv.dev/vulnerability/DSA-5003-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-09-26T01:14:39", "description": "**CentOS Errata and Security Advisory** CESA-2021:5195\n\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nSecurity Fix(es):\n\n* samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets (CVE-2020-25719)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server (BZ#2025848)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2021-December/086220.html\n\n**Affected packages:**\nipa\nipa-client\nipa-client-common\nipa-common\nipa-python-compat\nipa-server\nipa-server-common\nipa-server-dns\nipa-server-trust-ad\npython2-ipaclient\npython2-ipalib\npython2-ipaserver\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2021:5195", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-21T21:37:58", "type": "centos", "title": "ipa, python2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-21T21:37:58", "id": "CESA-2021:5195", "href": "https://lists.centos.org/pipermail/centos-announce/2021-December/086220.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2023-09-25T23:19:14", "description": "**Issue Overview:**\n\nA flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n \n**Affected Packages:** \n\n\nipa\n\n \n**Issue Correction:** \nRun _yum update ipa_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 ipa-server-4.6.8-5.amzn2.4.2.aarch64 \n \u00a0\u00a0\u00a0 ipa-server-trust-ad-4.6.8-5.amzn2.4.2.aarch64 \n \u00a0\u00a0\u00a0 ipa-client-4.6.8-5.amzn2.4.2.aarch64 \n \u00a0\u00a0\u00a0 ipa-debuginfo-4.6.8-5.amzn2.4.2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 ipa-server-4.6.8-5.amzn2.4.2.i686 \n \u00a0\u00a0\u00a0 ipa-server-trust-ad-4.6.8-5.amzn2.4.2.i686 \n \u00a0\u00a0\u00a0 ipa-client-4.6.8-5.amzn2.4.2.i686 \n \u00a0\u00a0\u00a0 ipa-debuginfo-4.6.8-5.amzn2.4.2.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 python2-ipaserver-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 ipa-server-common-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 ipa-server-dns-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 python2-ipaclient-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 ipa-client-common-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 ipa-python-compat-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 python2-ipalib-4.6.8-5.amzn2.4.2.noarch \n \u00a0\u00a0\u00a0 ipa-common-4.6.8-5.amzn2.4.2.noarch \n \n src: \n \u00a0\u00a0\u00a0 ipa-4.6.8-5.amzn2.4.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ipa-server-4.6.8-5.amzn2.4.2.x86_64 \n \u00a0\u00a0\u00a0 ipa-server-trust-ad-4.6.8-5.amzn2.4.2.x86_64 \n \u00a0\u00a0\u00a0 ipa-client-4.6.8-5.amzn2.4.2.x86_64 \n \u00a0\u00a0\u00a0 ipa-debuginfo-4.6.8-5.amzn2.4.2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-25719](<https://access.redhat.com/security/cve/CVE-2020-25719>)\n\nMitre: [CVE-2020-25719](<https://vulners.com/cve/CVE-2020-25719>)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-17T17:40:00", "type": "amazon", "title": "Important: ipa", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2023-07-19T22:18:00", "id": "ALAS2-2023-2149", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-2149.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "samba": [{"lastseen": "2023-09-25T23:43:30", "description": "## Description\n\nSamba as an Active Directory Domain Controller is based on Kerberos,\nwhich provides name-based authentication. These names are often then\nused for authorization.\n\nHowever Microsoft Windows and Active Direcory is SID-based. SIDs in\nWindows, similar to UIDs in Linux/Unix (if managed well) are globally\nunique and survive name changes. At the meeting of these two\nauthorization schemes it is possible to confuse a server into acting\nas one user when holding a ticket for another.\n\nA Kerberos ticket, once issued, may be valid for some time, often 10\nhours but potentially longer. In Active Directory, it may or may not\ncarry a PAC, holding the user's SIDs.\n\nA simple example of the problem is on Samba's LDAP server, which\nwould, unless \"gensec:require_pac = true\" was set, permit a fall back\nto using the name in the Kerberos ticket alone. (All Samba AD\nservices fall to the same issue in one way or another, LDAP is just a\ngood example).\n\nDelegated administrators with the right to create other user or\nmachine accounts can abuse the race between the time of ticket issue\nand the time of presentation (back to the AD DC) to impersonate a\ndifferent account, including a highly privileged account.\n\nThis could allow total domain compromise.\n## Behaviour changes\n\nSamba as an AD DC will now always issue a Kerberos PAC in the AD-REQ\nand require that tickets presented back to the DC have a PAC, both in\nthe KDC and elsewhere.\n\nTickets issued by an unpatched DC that do not have a Kerberos PAC (eg\nwith the --no-request-pac option to MIT kerberos kinit) will be denied\nafter the upgrade, even if they are otherwise still valid.\n\nThis also means that the Kerberos TCP transport is likely to be\nrequired to connect to the Samba AD DC, as a PAC is unlikely to fit in\na UDP packet. PAC-free tickets are still supported for target\nservices (eg NFS), via an flag within the PAC preventing it being\nput into the final ticket.\n## Patch Availability\n\nPatches addressing both these issues have been posted to:\n\n https://www.samba.org/samba/security/\n\nAdditionally, Samba 4.15.2, 4.14.10 and 4.13.14 have been issued\nas security releases to correct the defect. Samba administrators are\nadvised to upgrade to these releases or apply the patch as soon\nas possible.\n## CVSSv3 calculation\n\nThis CVSSv3 calculation is assuming the other Samba issues are\naddressed, and user/computer creation is an at least partially\nprivileged action.\n\nCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (7.2)\n## Workaround\n## Credits\n\nOriginally reported by Andrew Bartlett.\n\nPatches provided by:\n - Andrew Bartlett of Catalyst and the Samba Team.\n - Joseph Sutton of Catalyst and the Samba Team\n - Andreas Schneider of Red Hat and the Samba Team\n - Stefan Metzmacher of SerNet and the Samba Team\n\nAdvisory written by Andrew Bartlett of Catalyst\n\nCatalyst would like to particularly thank Red Hat and SerNet for their\ncontribution to fixing this issue.\n\n== Our Code, Our Bugs, Our Responsibility.\n== The Samba Team", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "samba", "title": "Samba AD DC did not always rely on the SID", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-11-09T00:00:00", "id": "SAMBA:CVE-2020-25719", "href": "https://www.samba.org/samba/security/CVE-2020-25719.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cnvd": [{"lastseen": "2022-10-08T06:41:20", "description": "Samba is the standard Windows interoperability suite for Linux and Unix. A security vulnerability exists in Samba that stems from a flaw discovered in the way Samba, which acts as an Active Directory domain controller, implements Kerberos name-based authentication. An attacker could exploit this flaw to gain access to domain-wide security vulnerabilities.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-12T00:00:00", "type": "cnvd", "title": "Samba Security Bypass Vulnerability (CNVD-2022-15500)", "bulletinFamily": "cnvd", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-03-01T00:00:00", "id": "CNVD-2022-15500", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-15500", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2022-07-12T18:39:46", "description": "ipa\n[4.9.6-10.0.1]\n- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]\n[4.9.6-10]\n- Bump realease version due to build issue.\n Related: RHBZ#2021489\n[4.9.6-9]\n- Hardening for CVE-2020-25717, part 3\n Related: RHBZ#2021489\n[4.9.6-8]\n- Hardening for CVE-2020-25717, part 2\n- Related: RHBZ#2021171\n[4.9.6-7]\n- Hardening for CVE-2020-25717\n- Related: RHBZ#2021171", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-16T00:00:00", "type": "oraclelinux", "title": "idm:DL1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-16T00:00:00", "id": "ELSA-2021-5142", "href": "http://linux.oracle.com/errata/ELSA-2021-5142.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T23:31:48", "description": "[4.6.8-5.0.1]\n- Blank out header-logo.png product-name.png\n- Replace login-screen-logo.png [Orabug: 20362818]\n[4.6.8-5.el7_9.10]\n- Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server\n - Fix cert_request for KDC cert\n- Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets\n - SMB: switch IPA domain controller role", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-17T00:00:00", "type": "oraclelinux", "title": "ipa security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2021-12-17T00:00:00", "id": "ELSA-2021-5195", "href": "http://linux.oracle.com/errata/ELSA-2021-5195.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-10-22T00:37:59", "description": "Total domain compromise is possible in samba:edge . Due to a flaw found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication, the Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-12T15:19:39", "type": "veracode", "title": "Total Domain Compromise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-10-21T20:16:46", "id": "VERACODE:32941", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-32941/summary", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "alpinelinux": [{"lastseen": "2023-09-25T23:08:37", "description": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T18:15:00", "type": "alpinelinux", "title": "CVE-2020-25719", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2023-09-17T09:15:00", "id": "ALPINE:CVE-2020-25719", "href": "https://security.alpinelinux.org/vuln/CVE-2020-25719", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-09-26T20:59:34", "description": "A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-18T18:15:00", "type": "debiancve", "title": "CVE-2020-25719", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25719"], "modified": "2022-02-18T18:15:00", "id": "DEBIANCVE:CVE-2020-25719", "href": "https://security-tracker.debian.org/tracker/CVE-2020-25719", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2023-06-24T14:39:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5003-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 09, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 \n CVE-2020-25721 CVE-2020-25722 CVE-2021-3738 CVE-2021-23192\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix.\n\nCVE-2016-2124\n\n Stefan Metzmacher reported that SMB1 client connections can be\n downgraded to plaintext authentication.\n\nCVE-2020-25717\n\n Andrew Bartlett reported that Samba may map domain users to local\n users in an undesired way, allowing for privilege escalation. The\n update introduces a new parameter &quot;min domain uid&quot; (default to 1000)\n to not accept a UNIX uid below this value.\n\nCVE-2020-25718\n\n Andrew Bartlett reported that Samba as AD DC, when joined by an\n RODC, did not confirm if the RODC was allowed to print a ticket for\n that user, allowing an RODC to print administrator tickets.\n\nCVE-2020-25719\n\n Andrew Bartlett reported that Samba as AD DC, did not always rely on\n the SID and PAC in Kerberos tickets and could be confused about the\n user a ticket represents. If a privileged account was attacked this\n could lead to total domain compromise.\n\nCVE-2020-25721\n\n Andrew Bartlett reported that Samba as a AD DC did not provide a way\n for Linux applications to obtain a reliable SID (and samAccountName)\n in issued tickets.\n\nCVE-2020-25722\n\n Andrew Bartlett reported that Samba as AD DC did not do sufficient\n access and conformance checking of data stored, potentially allowing\n total domain compromise.\n\nCVE-2021-3738\n\n William Ross reported that the Samba AD DC RPC server can use memory\n that was free&#x27;d when a sub-connection is closed, resulting in denial\n of service, and potentially, escalation of privileges.\n\nCVE-2021-23192\n\n Stefan Metzmacher reported that if a client to a Samba server sent a\n very large DCE/RPC request, and chose to fragment it, an attacker\n could replace later fragments with their own data, bypassing the\n signature requirements.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2:4.13.13+dfsg-1~deb11u2.\n\nWe recommend that you upgrade your samba packages.\n\nFor the detailed security status of samba please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/samba\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T18:46:42", "type": "debian", "title": "[SECURITY] [DSA 5003-1] samba security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-09T18:46:42", "id": "DEBIAN:DSA-5003-1:8E2FB", "href": "https://lists.debian.org/debian-security-announce/2021/msg00188.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-11-23T10:16:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5003-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 09, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 \n CVE-2020-25721 CVE-2020-25722 CVE-2021-3738 CVE-2021-23192\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix.\n\nCVE-2016-2124\n\n Stefan Metzmacher reported that SMB1 client connections can be\n downgraded to plaintext authentication.\n\nCVE-2020-25717\n\n Andrew Bartlett reported that Samba may map domain users to local\n users in an undesired way, allowing for privilege escalation. The\n update introduces a new parameter &quot;min domain uid&quot; (default to 1000)\n to not accept a UNIX uid below this value.\n\nCVE-2020-25718\n\n Andrew Bartlett reported that Samba as AD DC, when joined by an\n RODC, did not confirm if the RODC was allowed to print a ticket for\n that user, allowing an RODC to print administrator tickets.\n\nCVE-2020-25719\n\n Andrew Bartlett reported that Samba as AD DC, did not always rely on\n the SID and PAC in Kerberos tickets and could be confused about the\n user a ticket represents. If a privileged account was attacked this\n could lead to total domain compromise.\n\nCVE-2020-25721\n\n Andrew Bartlett reported that Samba as a AD DC did not provide a way\n for Linux applications to obtain a reliable SID (and samAccountName)\n in issued tickets.\n\nCVE-2020-25722\n\n Andrew Bartlett reported that Samba as AD DC did not do sufficient\n access and conformance checking of data stored, potentially allowing\n total domain compromise.\n\nCVE-2021-3738\n\n William Ross reported that the Samba AD DC RPC server can use memory\n that was free&#x27;d when a sub-connection is closed, resulting in denial\n of service, and potentially, escalation of privileges.\n\nCVE-2021-23192\n\n Stefan Metzmacher reported that if a client to a Samba server sent a\n very large DCE/RPC request, and chose to fragment it, an attacker\n could replace later fragments with their own data, bypassing the\n signature requirements.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2:4.13.13+dfsg-1~deb11u2.\n\nWe recommend that you upgrade your samba packages.\n\nFor the detailed security status of samba please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/samba\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2021-11-09T18:46:42", "type": "debian", "title": "[SECURITY] [DSA 5003-1] samba security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-09T18:46:42", "id": "DEBIAN:DSA-5003-1:02DD1", "href": "https://lists.debian.org/debian-security-announce/2021/msg00188.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-09-26T01:19:52", "description": "Multiple security issues affecting ldb, samba and sssd. See references for details. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-26T00:14:13", "type": "mageia", "title": "Updated samba packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-12-26T00:14:13", "id": "MGASA-2021-0585", "href": "https://advisories.mageia.org/MGASA-2021-0585.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "altlinux": [{"lastseen": "2023-05-08T01:49:08", "description": "Nov. 7, 2021 Evgeny Sinelnikov 4.14.10-alt1\n \n \n - Update to latest security release of Samba 4.14\n - Security fixes:\n + CVE-2016-2124: SMB1 client connections can be downgraded to plaintext\n authentication.\n https://www.samba.org/samba/security/CVE-2016-2124.html\n + CVE-2020-25717: A user on the domain can become root on domain members.\n https://www.samba.org/samba/security/CVE-2020-25717.html\n + CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets\n issued by an RODC.\n https://www.samba.org/samba/security/CVE-2020-25718.html\n + CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in\n Kerberos tickets.\n https://www.samba.org/samba/security/CVE-2020-25719.html\n + CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers\n (eg objectSid).\n https://www.samba.org/samba/security/CVE-2020-25721.html\n + CVE-2020-25722: Samba AD DC did not do suffienct access and conformance\n checking of data stored.\n https://www.samba.org/samba/security/CVE-2020-25722.html\n + CVE-2021-3738: Use after free in Samba AD DC RPC server.\n https://www.samba.org/samba/security/CVE-2021-3738.html\n + CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.\n https://www.samba.org/samba/security/CVE-2021-23192.html\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-07T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package samba version 4.14.10-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-07T00:00:00", "id": "20CA683D2CF97ADF91AB3B432668CB10", "href": "https://packages.altlinux.org/en/p10/srpms/samba/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2023-09-26T00:05:13", "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-01T01:14:11", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: samba-4.14.10-2.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-12-01T01:14:11", "id": "FEDORA:EACD530A3C34", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TD6C444QAV5EBQMTPDWKK62S7AGAYO3X/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-26T00:05:12", "description": "IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-19T01:16:31", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: freeipa-4.9.7-4.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-19T01:16:31", "id": "FEDORA:A43C930FA07D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LI2QSKDJHUFFOMIHOSUAGFIJXMODMHYR/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-26T00:05:12", "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-19T01:16:32", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: samba-4.15.2-3.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-19T01:16:32", "id": "FEDORA:553FD313C434", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QVXLHLIEQEAN7TGOH56LUEA6P4Y4GIZB/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-26T00:05:13", "description": "An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-01T01:14:11", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: libldb-2.3.2-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-12-01T01:14:11", "id": "FEDORA:D24DD30A3C02", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KWT77JQ7DSKY22Q3CQ4SAFAN7Q5KW2PF/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-26T00:05:13", "description": "IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-01T01:14:11", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: freeipa-4.9.6-4.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-12-01T01:14:11", "id": "FEDORA:5822630A3C02", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HCFEWCEH4EO66RNIVTBGCWEUL43SJ3ZJ/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "cisa": [{"lastseen": "2022-03-01T11:30:08", "description": "The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.\n\nCISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates and workarounds.\n\n * [CVE-2016-2124](<https://www.samba.org/samba/security/CVE-2016-2124.html>)\n * [CVE-2020-25717](<https://www.samba.org/samba/security/CVE-2020-25717.html>)\n * [CVE-2020-25718](<https://www.samba.org/samba/security/CVE-2020-25718.html>)\n * [CVE-2020-25719](<https://www.samba.org/samba/security/CVE-2020-25719.html>)\n * [CVE-2020-25721](<https://www.samba.org/samba/security/CVE-2020-25721.html>)\n * [CVE-2020-25722](<https://www.samba.org/samba/security/CVE-2020-25722.html>)\n * [CVE-2021-3738](<https://www.samba.org/samba/security/CVE-2021-3738.html>)\n * [CVE-2021-23192](<https://www.samba.org/samba/security/CVE-2021-23192.html>) \n\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/samba-releases-security-updates>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-09T00:00:00", "type": "cisa", "title": "Samba Releases Security Updates", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-09T00:00:00", "id": "CISA:7654250BF4793EF3C7F73F123A9B6747", "href": "https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/samba-releases-security-updates", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-09-26T01:17:18", "description": "\n\nThe Samba Team reports:\n\n\nCVE-2020-25717: A user in an AD Domain could become root on domain\n\t members.\nCVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos\n\t tickets issued by an RODC.\nCVE-2020-25719: Samba AD DC did not always rely on the SID and PAC\n\t in Kerberos tickets.\nCVE-2020-25721: Kerberos acceptors need easy access to stable\n\t AD identifiers (eg objectSid).\nCVE-2020-25722: Samba AD DC did not do sufficient access and\n\t conformance checking of data stored.\nCVE-2016-2124: SMB1 client connections can be downgraded to plaintext\n\t authentication.\nCVE-2021-3738: Use after free in Samba AD DC RPC server.\nCVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T00:00:00", "type": "freebsd", "title": "samba -- Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-10T00:00:00", "id": "646923B0-41C7-11EC-A3B2-005056A311D1", "href": "https://vuxml.freebsd.org/freebsd/646923b0-41c7-11ec-a3b2-005056a311d1.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-09-27T23:05:56", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * samba \\- SMB/CIFS file, print, and login server for Unix\n\nUSN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes \nintroduced regressions in name mapping and backups.\n\nPlease see the following upstream bugs for more information: \n<https://bugzilla.samba.org/show_bug.cgi?id=14901> \n<https://bugzilla.samba.org/show_bug.cgi?id=14918>\n\nThis update fixes the problem.\n\nOriginal advisory details:\n\nStefan Metzmacher discovered that Samba incorrectly handled SMB1 client \nconnections. A remote attacker could possibly use this issue to downgrade \nconnections to plaintext authentication. (CVE-2016-2124)\n\nAndrew Bartlett discovered that Samba incorrectly mapping domain users to \nlocal users. An authenticated attacker could possibly use this issue to \nbecome root on domain members. (CVE-2020-25717)\n\nAndrew Bartlett discovered that Samba did not correctly sandbox Kerberos \ntickets issues by an RODC. An RODC could print administrator tickets, \ncontrary to expectations. (CVE-2020-25718)\n\nAndrew Bartlett discovered that Samba incorrectly handled Kerberos tickets. \nDelegated administrators could possibly use this issue to impersonate \naccounts, leading to total domain compromise. (CVE-2020-25719)\n\nAndrew Bartlett discovered that Samba did not provide stable AD \nidentifiers to Kerberos acceptors. (CVE-2020-25721)\n\nAndrew Bartlett discovered that Samba did not properly check sensitive \nattributes. An authenticated attacker could possibly use this issue to \nescalate privileges. (CVE-2020-25722)\n\nStefan Metzmacher discovered that Samba incorrectly handled certain large \nDCE/RPC requests. A remote attacker could possibly use this issue to \nbypass signature requirements. (CVE-2021-23192)\n\nWilliam Ross discovered that Samba incorrectly handled memory. A remote \nattacker could use this issue to cause Samba to crash, resulting in a \ndenial of service, or possibly escalate privileges. (CVE-2021-3738)\n\nJoseph Sutton discovered that Samba incorrectly handled certain TGS \nrequests. An authenticated attacker could possibly use this issue to cause \nSamba to crash, resulting in a denial of service. (CVE-2021-3671)\n\nThe fix for CVE-2020-25717 results in possible behaviour changes that could \naffect certain environments. Please see the upstream advisory for more \ninformation:\n\n<https://www.samba.org/samba/security/>CVE-2020-25717.html\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-06T00:00:00", "type": "ubuntu", "title": "Samba regressions", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2021-12-06T00:00:00", "id": "USN-5142-2", "href": "https://ubuntu.com/security/notices/USN-5142-2", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T23:08:02", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * samba \\- SMB/CIFS file, print, and login server for Unix\n\nStefan Metzmacher discovered that Samba incorrectly handled SMB1 client \nconnections. A remote attacker could possibly use this issue to downgrade \nconnections to plaintext authentication. (CVE-2016-2124)\n\nAndrew Bartlett discovered that Samba incorrectly mapping domain users to \nlocal users. An authenticated attacker could possibly use this issue to \nbecome root on domain members. (CVE-2020-25717)\n\nAndrew Bartlett discovered that Samba did not correctly sandbox Kerberos \ntickets issues by an RODC. An RODC could print administrator tickets, \ncontrary to expectations. (CVE-2020-25718)\n\nAndrew Bartlett discovered that Samba incorrectly handled Kerberos tickets. \nDelegated administrators could possibly use this issue to impersonate \naccounts, leading to total domain compromise. (CVE-2020-25719)\n\nAndrew Bartlett discovered that Samba did not provide stable AD \nidentifiers to Kerberos acceptors. (CVE-2020-25721)\n\nAndrew Bartlett discovered that Samba did not properly check sensitive \nattributes. An authenticated attacker could possibly use this issue to \nescalate privileges. (CVE-2020-25722)\n\nStefan Metzmacher discovered that Samba incorrectly handled certain large \nDCE/RPC requests. A remote attacker could possibly use this issue to \nbypass signature requirements. (CVE-2021-23192)\n\nWilliam Ross discovered that Samba incorrectly handled memory. A remote \nattacker could use this issue to cause Samba to crash, resulting in a \ndenial of service, or possibly escalate privileges. (CVE-2021-3738)\n\nJoseph Sutton discovered that Samba incorrectly handled certain TGS \nrequests. An authenticated attacker could possibly use this issue to cause \nSamba to crash, resulting in a denial of service. (CVE-2021-3671)\n\nThe fix for CVE-2020-25717 results in possible behaviour changes that could \naffect certain environments. Please see the upstream advisory for more \ninformation:\n\n<https://www.samba.org/samba/security/>CVE-2020-25717.html\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-11T00:00:00", "type": "ubuntu", "title": "Samba vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2021-11-11T00:00:00", "id": "USN-5142-1", "href": "https://ubuntu.com/security/notices/USN-5142-1", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T23:05:40", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * samba \\- SMB/CIFS file, print, and login server for Unix\n\nUSN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes \nintroduced a regression in Kerberos authentication in certain environments.\n\nPlease see the following upstream bug for more information: \n<https://bugzilla.samba.org/show_bug.cgi?id=14922>\n\nThis update fixes the problem.\n\nOriginal advisory details:\n\nStefan Metzmacher discovered that Samba incorrectly handled SMB1 client \nconnections. A remote attacker could possibly use this issue to downgrade \nconnections to plaintext authentication. (CVE-2016-2124)\n\nAndrew Bartlett discovered that Samba incorrectly mapping domain users to \nlocal users. An authenticated attacker could possibly use this issue to \nbecome root on domain members. (CVE-2020-25717)\n\nAndrew Bartlett discovered that Samba did not correctly sandbox Kerberos \ntickets issues by an RODC. An RODC could print administrator tickets, \ncontrary to expectations. (CVE-2020-25718)\n\nAndrew Bartlett discovered that Samba incorrectly handled Kerberos tickets. \nDelegated administrators could possibly use this issue to impersonate \naccounts, leading to total domain compromise. (CVE-2020-25719)\n\nAndrew Bartlett discovered that Samba did not provide stable AD \nidentifiers to Kerberos acceptors. (CVE-2020-25721)\n\nAndrew Bartlett discovered that Samba did not properly check sensitive \nattributes. An authenticated attacker could possibly use this issue to \nescalate privileges. (CVE-2020-25722)\n\nStefan Metzmacher discovered that Samba incorrectly handled certain large \nDCE/RPC requests. A remote attacker could possibly use this issue to \nbypass signature requirements. (CVE-2021-23192)\n\nWilliam Ross discovered that Samba incorrectly handled memory. A remote \nattacker could use this issue to cause Samba to crash, resulting in a \ndenial of service, or possibly escalate privileges. (CVE-2021-3738)\n\nJoseph Sutton discovered that Samba incorrectly handled certain TGS \nrequests. An authenticated attacker could possibly use this issue to cause \nSamba to crash, resulting in a denial of service. (CVE-2021-3671)\n\nThe fix for CVE-2020-25717 results in possible behaviour changes that could \naffect certain environments. Please see the upstream advisory for more \ninformation:\n\n<https://www.samba.org/samba/security/>CVE-2020-25717.html\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-13T00:00:00", "type": "ubuntu", "title": "Samba regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3671", "CVE-2021-3738"], "modified": "2021-12-13T00:00:00", "id": "USN-5142-3", "href": "https://ubuntu.com/security/notices/USN-5142-3", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-06T19:34:23", "description": "An update that fixes 8 vulnerabilities is now available.\n\nDescription:\n\n This update for samba and ldb fixes the following issues:\n\n - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator\n tickets to other servers (bsc#1192246).\n - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).\n - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we\n require kerberos (bsc#1014440).\n - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a\n user could become root on domain members (bsc#1192284).\n - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given\n (bsc#1192247).\n - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level\n bug for AD DC validation issues) (bsc#1192283).\n - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments\n against the first auth_state (bsc#1192214).\n - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values\n (bsc#1192505).\n\n Samba was updated to 4.13.13\n\n * rodc_rwdc test flaps;(bso#14868).\n * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).\n * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit'\n S4U2Proxy Constrained Delegation bypass in Samba with embedded\n Heimdal;(bso#14642).\n * Python ldb.msg_diff() memory handling failure;(bso#14836).\n * \"in\" operator on ldb.Message is case sensitive;(bso#14845).\n * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).\n * Allow special chars like \"@\" in samAccountName when generating the\n salt;(bso#14874).\n * Fix transit path validation;(bso#12998).\n * Prepare to operate with MIT krb5 >= 1.20;(bso#14870).\n * rpcclient NetFileEnum and net rpc file both cause lock order violation:\n brlock.tdb, share_entries.tdb;(bso#14645).\n * Python ldb.msg_diff() memory handling failure;(bso#14836).\n * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).\n\n Samba was updated to 4.13.12:\n\n * Address a signifcant performance regression in database access in the AD\n DC since Samba 4.12;(bso#14806).\n * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba\n 4.9 by using an explicit database handle cache; (bso#14807).\n * An unuthenticated user can crash the AD DC KDC by omitting the server\n name in a TGS-REQ;(bso#14817).\n * Address flapping samba_tool_drs_showrepl test;(bso#14818).\n * Address flapping dsdb_schema_attributes test;(bso#14819).\n * An unuthenticated user can crash the AD DC KDC by omitting the server\n name in a TGS-REQ;(bso#14817).\n * Fix CTDB flag/status update race conditions(bso#14784).\n\n Samba was updated to 4.13.11:\n\n * smbd: panic on force-close share during offload write; (bso#14769).\n * Fix returned attributes on fake quota file handle and avoid hitting the\n VFS;(bso#14731).\n * smbd: \"deadtime\" parameter doesn't work anymore;(bso#14783).\n * net conf list crashes when run as normal user;(bso#14787).\n * Work around special SMB2 READ response behavior of NetApp Ontap\n 7.3.7;(bso#14607).\n * Start the SMB encryption as soon as possible;(bso#14793).\n * Winbind should not start if the socket path for the privileged pipe is\n too long;(bso#14792).\n\n ldb was updated to 2.2.2:\n\n + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets\n to other servers; (bsc#1192246); (bso#14558)\n + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)\n\n Release ldb 2.2.2\n\n + Corrected python behaviour for 'in' for LDAP attributes contained as\n part of ldb.Message;(bso#14845).\n + Fix memory handling in ldb.msg_diff Corrected python\n docstrings;(bso#14836)\n + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3647=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-10T00:00:00", "type": "suse", "title": "Security update for samba and ldb (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-17049", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-23192", "CVE-2021-3738"], "modified": "2021-11-10T00:00:00", "id": "OPENSUSE-SU-2021:3647-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36K5HNX67LYX5XOVQRL3MSIC5YSJ5M5W/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-09-28T05:08:59", "description": "### Background\n\nSamba is a suite of SMB and CIFS client/server programs.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Samba users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-fs/samba-4.18.4\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-09-17T00:00:00", "type": "gentoo", "title": "Samba: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4559", "CVE-2016-2124", "CVE-2020-17049", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-20251", "CVE-2021-20316", "CVE-2021-23192", "CVE-2021-3670", "CVE-2021-3738", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336", "CVE-2022-1615", "CVE-2022-2031", "CVE-2022-32742", "CVE-2022-32743", "CVE-2022-32744", "CVE-2022-32745", "CVE-2022-32746", "CVE-2022-3437", "CVE-2022-3592", "CVE-2022-37966", "CVE-2022-37967", "CVE-2022-38023", "CVE-2022-42898", "CVE-2022-45141", "CVE-2023-0225", "CVE-2023-0614", "CVE-2023-0922"], "modified": "2023-09-17T00:00:00", "id": "GLSA-202309-06", "href": "https://security.gentoo.org/glsa/202309-06", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}