ID SOL51324410
Type f5
Reporter f5
Modified 2016-04-11T00:00:00
Description
Vulnerability Recommended Actions
None
Supplemental Information
- SOL9970: Subscribing to email notifications regarding F5 products
- SOL9957: Creating a custom RSS feed to view new and updated documents
- SOL4602: Overview of the F5 security vulnerability response policy
- SOL4918: Overview of the F5 critical issue hotfix policy
{"published": "2016-04-11T00:00:00", "id": "SOL51324410", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2016-09-26T17:23:06", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K51324410"]}, {"type": "cve", "idList": ["CVE-2015-7560", "CVE-2016-0771"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842679", "OPENVAS:1361412562310703514", "OPENVAS:703514", "OPENVAS:1361412562311220161006", "OPENVAS:1361412562310851246", "OPENVAS:1361412562310807320", "OPENVAS:1361412562310851248", "OPENVAS:1361412562310122901", "OPENVAS:1361412562310882420", "OPENVAS:1361412562310871573"]}, {"type": "nessus", "idList": ["EULEROS_SA-2016-1006.NASL", "OPENSUSE-2016-359.NASL", "FEDORA_2016-4B55F00D00.NASL", "OPENSUSE-2016-399.NASL", "ALA_ALAS-2016-674.NASL", "SLACKWARE_SSA_2016-068-02.NASL", "UBUNTU_USN-2922-1.NASL", "FEDORA_2016-CAD77A4576.NASL", "DEBIAN_DSA-3514.NASL", "SAMBA_4_3_6.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2016:0837-1", "OPENSUSE-SU-2016:1064-1", "OPENSUSE-SU-2016:1107-1", "SUSE-SU-2016:0905-1", "SUSE-SU-2016:0814-1", "OPENSUSE-SU-2016:1106-1", "SUSE-SU-2016:0816-1", "OPENSUSE-SU-2016:0813-1", "OPENSUSE-SU-2016:0877-1"]}, {"type": "slackware", "idList": ["SSA-2016-068-02"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3514-1:75722"]}, {"type": "ubuntu", "idList": ["USN-2922-1"]}, {"type": "redhat", "idList": ["RHSA-2016:0449", "RHSA-2016:0447", "RHSA-2016:0448"]}, {"type": "fedora", "idList": ["FEDORA:2BC88606E7E5", "FEDORA:E88A5614B788", "FEDORA:3B80760C76A4"]}, {"type": "samba", "idList": ["SAMBA:CVE-2015-7560", "SAMBA:CVE-2016-0771"]}, {"type": "centos", "idList": ["CESA-2016:0449", "CESA-2016:0448"]}, {"type": "amazon", "idList": ["ALAS-2016-674"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-1860", "ELSA-2016-0449", "ELSA-2016-0448"]}], "modified": "2016-09-26T17:23:06", "rev": 2}, "vulnersScore": 
5.6}, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "type": "f5", "lastseen": "2016-09-26T17:23:06", "edition": 1, "title": "SOL51324410 - SAMBA vulnerabilities CVE-2015-7560 and CVE-2016-0771", "href": "http://support.f5.com/kb/en-us/solutions/public/k/51/sol51324410.html", "modified": "2016-04-11T00:00:00", "bulletinFamily": "software", "viewCount": 2, "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "affectedSoftware": [], "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "reporter": "f5", "immutableFields": []}
{"f5": [{"lastseen": "2017-06-08T00:16:37", "bulletinFamily": "software", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.2.1 - 11.6.0 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.2.1 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.2.1 - 11.6.0 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.2.1 - 11.6.0 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.2.1 - 11.6.0 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.2.1 - 11.6.0 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.2.1 - 11.4.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.2.1 \n10.2.1 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| 
Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T17:55:00", "published": "2016-04-11T19:55:00", "href": "https://support.f5.com/csp/article/K51324410", "id": "F5:K51324410", "title": "SAMBA vulnerabilities CVE-2015-7560 and CVE-2016-0771", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2021-02-02T06:21:29", "description": "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": 
"2016-03-13T22:59:00", "title": "CVE-2015-7560", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7560"], "modified": "2016-12-03T03:13:00", "id": "CVE-2015-7560", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7560", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-02-02T06:28:00", "description": "The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.2}, "published": "2016-03-13T22:59:00", "title": "CVE-2016-0771", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0771"], "modified": "2016-12-03T03:18:00", "id": "CVE-2016-0771", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0771", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-31T18:34:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-03-19T00:00:00", "id": "OPENVAS:1361412562310851248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851248", "type": "openvas", "title": "openSUSE: Security Advisory for samba (openSUSE-SU-2016:0813-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851248\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-19 06:18:22 +0100 (Sat, 19 Mar 2016)\");\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for samba (openSUSE-SU-2016:0813-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for samba fixes the following issues:\n\n Version update to 4.1.23.\n + Getting and setting Windows ACLs on symlinks can change permissions on\n link target CVE-2015-7560 (bso#11648) (boo#968222).\n + Fix Out-of-bounds read in internal DNS server CVE-2016-0771\n (bso#11128) (bso#11686) (boo#968223).\n\n Also fixed:\n\n - Ensure samlogon fallback requests are rerouted after kerberos failure\n (bnc#953382) (bnc#953972).\");\n\n script_tag(name:\"affected\", value:\"samba on openSUSE 
13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0813-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc-devel\", rpm:\"libdcerpc-atsvc-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0\", rpm:\"libdcerpc-atsvc0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-debuginfo\", rpm:\"libdcerpc-atsvc0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-devel\", rpm:\"libdcerpc-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr-devel\", rpm:\"libdcerpc-samr-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0\", rpm:\"libdcerpc-samr0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo\", rpm:\"libdcerpc-samr0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec-devel\", rpm:\"libgensec-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-devel\", rpm:\"libndr-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac-devel\", rpm:\"libndr-krb5pac-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt-devel\", rpm:\"libndr-nbt-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard-devel\", rpm:\"libndr-standard-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb-devel\", rpm:\"libpdb-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0\", rpm:\"libpdb0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo\", rpm:\"libpdb0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry-devel\", rpm:\"libregistry-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials-devel\", rpm:\"libsamba-credentials-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig-devel\", rpm:\"libsamba-hostconfig-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy-devel\", rpm:\"libsamba-policy-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0\", rpm:\"libsamba-policy0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo\", rpm:\"libsamba-policy0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util-devel\", rpm:\"libsamba-util-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb-devel\", rpm:\"libsamdb-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw-devel\", rpm:\"libsmbclient-raw-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf-devel\", rpm:\"libsmbconf-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap-devel\", rpm:\"libsmbldap-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~4.1.23~31.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbsharemodes0-debuginfo\", rpm:\"libsmbsharemodes0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util-devel\", rpm:\"libtevent-util-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-core-devel\", rpm:\"samba-core-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", 
rpm:\"samba-debugsource~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-pidl\", rpm:\"samba-pidl~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python-debuginfo\", rpm:\"samba-python-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test\", rpm:\"samba-test~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-debuginfo\", rpm:\"samba-test-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-devel\", rpm:\"samba-test-devel~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-32bit\", rpm:\"libdcerpc-atsvc0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-atsvc0-debuginfo-32bit\", rpm:\"libdcerpc-atsvc0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-32bit\", rpm:\"libdcerpc-samr0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo-32bit\", rpm:\"libdcerpc-samr0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", 
rpm:\"libndr-standard0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-32bit\", rpm:\"libpdb0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo-32bit\", rpm:\"libpdb0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-32bit\", rpm:\"libregistry0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo-32bit\", rpm:\"libregistry0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-32bit\", rpm:\"libsamba-policy0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo-32bit\", rpm:\"libsamba-policy0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.1.23~31.1\", 
rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", 
rpm:\"samba-winbind-debuginfo-32bit~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.1.23~31.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2017-07-24T12:54:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2015-5252", "CVE-2016-0771"], "description": "Several vulnerabilities have been discovered\nin Samba, a SMB/CIFS file, print, and login server for Unix. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2015-7560\nJeremy Allison of Google, Inc. and the Samba Team discovered that\nSamba incorrectly handles getting and setting ACLs on a symlink\npath. An authenticated malicious client can use SMB1 UNIX extensions\nto create a symlink to a file or directory, and then use non-UNIX\nSMB1 calls to overwrite the contents of the ACL on the file or\ndirectory linked to.\n\nCVE-2016-0771\nGarming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\nis vulnerable to an out-of-bounds read issue during DNS TXT record\nhandling, if Samba is deployed as an AD DC and chosen to run the\ninternal DNS server. 
A remote attacker can exploit this flaw to\ncause a denial of service (Samba crash), or potentially, to allow\nleakage of memory from the server in the form of a DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252\nin DSA-3433-1 in setups where the\nshare path is ", "modified": "2017-07-07T00:00:00", "published": "2016-03-12T00:00:00", "id": "OPENVAS:703514", "href": "http://plugins.openvas.org/nasl.php?oid=703514", "type": "openvas", "title": "Debian Security Advisory DSA 3514-1 (samba - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3514.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3514-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703514);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-5252\", \"CVE-2015-7560\", \"CVE-2016-0771\");\n script_name(\"Debian Security Advisory DSA 3514-1 (samba - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-03-12 00:00:00 +0100 (Sat, 12 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3514.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"samba on Debian Linux\");\n script_tag(name: \"insight\", value: \"Samba is an implementation of the\nSMB/CIFS protocol for Unix systems, providing support for cross-platform file\nand printer sharing with Microsoft Windows, OS X, and other Unix systems. Samba\ncan also function as an NT4-style domain controller, and can integrate with both\nNT4 domains and Active Directory realms as a member server.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 2:3.6.6-6+deb7u7. 
The oldstable distribution\n(wheezy) is not affected by CVE-2016-0771.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.6+dfsg-1.\n\nWe recommend that you upgrade your samba packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been discovered\nin Samba, a SMB/CIFS file, print, and login server for Unix. The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2015-7560\nJeremy Allison of Google, Inc. and the Samba Team discovered that\nSamba incorrectly handles getting and setting ACLs on a symlink\npath. An authenticated malicious client can use SMB1 UNIX extensions\nto create a symlink to a file or directory, and then use non-UNIX\nSMB1 calls to overwrite the contents of the ACL on the file or\ndirectory linked to.\n\nCVE-2016-0771\nGarming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\nis vulnerable to an out-of-bounds read issue during DNS TXT record\nhandling, if Samba is deployed as an AD DC and chosen to run the\ninternal DNS server. 
A remote attacker can exploit this flaw to\ncause a denial of service (Samba crash), or potentially, to allow\nleakage of memory from the server in the form of a DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252\nin DSA-3433-1 in setups where the\nshare path is '/'.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss-winbind:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-winbind:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-winbind:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-winbind:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbsharemodes-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbsharemodes-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbsharemodes0:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbsharemodes0:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report 
+= res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-winbind:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss-winbind:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-smbpass:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-winbind:amd64\", 
ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpam-winbind:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmbclient-dev:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient-dev:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient-dev:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwbclient0:i386\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.6.6-6+deb7u7\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:35:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2015-5252", "CVE-2016-0771"], "description": "Several vulnerabilities have been discovered\nin Samba, a SMB/CIFS file, print, and login server for Unix.The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2015-7560\nJeremy Allison of Google, Inc. and the Samba Team discovered that\nSamba incorrectly handles getting and setting ACLs on a symlink\npath. An authenticated malicious client can use SMB1 UNIX extensions\nto create a symlink to a file or directory, and then use non-UNIX\nSMB1 calls to overwrite the contents of the ACL on the file or\ndirectory linked to.\n\nCVE-2016-0771\nGarming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\nis vulnerable to an out-of-bounds read issue during DNS TXT record\nhandling, if Samba is deployed as an AD DC and chosen to run the\ninternal DNS server. 
A remote attacker can exploit this flaw to\ncause a denial of service (Samba crash), or potentially, to allow\nleakage of memory from the server in the form of a DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252\nin DSA-3433-1 in setups where the\nshare path is ", "modified": "2019-03-18T00:00:00", "published": "2016-03-12T00:00:00", "id": "OPENVAS:1361412562310703514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703514", "type": "openvas", "title": "Debian Security Advisory DSA 3514-1 (samba - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3514.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3514-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703514\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-5252\", \"CVE-2015-7560\", \"CVE-2016-0771\");\n script_name(\"Debian Security Advisory DSA 3514-1 (samba - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-12 00:00:00 +0100 (Sat, 12 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3514.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|7)\");\n script_tag(name:\"affected\", value:\"samba on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 2:3.6.6-6+deb7u7. 
The oldstable distribution\n(wheezy) is not affected by CVE-2016-0771\n.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.6+dfsg-1.\n\nWe recommend that you upgrade your samba packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered\nin Samba, a SMB/CIFS file, print, and login server for Unix.The Common\nVulnerabilities and Exposures project identifies the following issues:\n\nCVE-2015-7560\nJeremy Allison of Google, Inc. and the Samba Team discovered that\nSamba incorrectly handles getting and setting ACLs on a symlink\npath. An authenticated malicious client can use SMB1 UNIX extensions\nto create a symlink to a file or directory, and then use non-UNIX\nSMB1 calls to overwrite the contents of the ACL on the file or\ndirectory linked to.\n\nCVE-2016-0771\nGarming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\nis vulnerable to an out-of-bounds read issue during DNS TXT record\nhandling, if Samba is deployed as an AD DC and chosen to run the\ninternal DNS server. 
A remote attacker can exploit this flaw to\ncause a denial of service (Samba crash), or potentially, to allow\nleakage of memory from the server in the form of a DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252\nin DSA-3433-1 in setups where the\nshare path is '/'.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libnss-winbind:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-smbpass:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-smbpass:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report 
+= res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes0:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes0:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) 
!= NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.1.17+dfsg-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-smbpass:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-smbpass:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0:amd64\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0:i386\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc-pdf\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-tools\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:3.6.6-6+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "scanner", 
"cvelist": ["CVE-2015-7560", "CVE-2013-0214", "CVE-2013-0213", "CVE-2016-0771"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-03-10T00:00:00", "id": "OPENVAS:1361412562310842679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842679", "type": "openvas", "title": "Ubuntu Update for samba USN-2922-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for samba USN-2922-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842679\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-10 06:16:57 +0100 (Thu, 10 Mar 2016)\");\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\", \"CVE-2013-0213\", \"CVE-2013-0214\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for samba USN-2922-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jeremy Allison discovered that Samba\n incorrectly handled ACLs on symlink paths. A remote attacker could use this\n issue to overwrite the ownership of ACLs using symlinks. (CVE-2015-7560)\n\n Garming Sam and Douglas Bagnall discovered that the Samba internal DNS\n server incorrectly handled certain DNS TXT records. A remote attacker could\n use this issue to cause Samba to crash, resulting in a denial of service,\n or possibly obtain uninitialized memory contents. This issue only applied\n to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)\n\n It was discovered that the Samba Web Administration Tool (SWAT) was\n vulnerable to clickjacking and cross-site request forgery attacks. 
This\n issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213, CVE-2013-0214)\");\n script_tag(name:\"affected\", value:\"samba on Ubuntu 15.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2922-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2922-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|15\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.1.6+dfsg-1ubuntu2.14.04.13\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:3.6.3-2ubuntu2.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"swat\", ver:\"2:3.6.3-2ubuntu2.17\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.1.17+dfsg-4ubuntu3.3\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:53", "bulletinFamily": "scanner", "cvelist": 
["CVE-2015-7560"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161006", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2016-1006)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1006\");\n script_version(\"2020-01-23T10:37:21+0000\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:37:21 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:37:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2016-1006)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1006\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1006\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'samba' package(s) announced via the EulerOS-SA-2016-1006 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL. 
(CVE-2015-7560)\");\n\n script_tag(name:\"affected\", value:\"'samba' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient\", rpm:\"libwbclient~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-libs\", rpm:\"samba-client-libs~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-common-libs\", rpm:\"samba-common-libs~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-common-tools\", rpm:\"samba-common-tools~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-modules\", rpm:\"samba-winbind-modules~4.2.3~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-03-16T00:00:00", "id": "OPENVAS:1361412562310871573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871573", "type": "openvas", "title": "RedHat Update for samba4 RHSA-2016:0449-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for samba4 RHSA-2016:0449-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871573\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-16 06:09:11 +0100 (Wed, 16 Mar 2016)\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for samba4 RHSA-2016:0449-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of\nthe Server Message Block (SMB) or Common Internet File System (CIFS) protocol,\nwhich allows PC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba4 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"samba4 on Red Hat Enterprise Linux\nDesktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0449-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-March/msg00043.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba4\", rpm:\"samba4~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-client\", rpm:\"samba4-client~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-common\", rpm:\"samba4-common~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc\", rpm:\"samba4-dc~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-dc-libs\", rpm:\"samba4-dc-libs~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-debuginfo\", rpm:\"samba4-debuginfo~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-devel\", rpm:\"samba4-devel~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-libs\", rpm:\"samba4-libs~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-pidl\", rpm:\"samba4-pidl~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-python\", rpm:\"samba4-python~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-swat\", rpm:\"samba4-swat~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-test\", rpm:\"samba4-test~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind\", rpm:\"samba4-winbind~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-clients\", rpm:\"samba4-winbind-clients~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba4-winbind-krb5-locator\", rpm:\"samba4-winbind-krb5-locator~4.0.0~68.el6_7.rc4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "description": "This host is running Samba and is prone\n to overwrite ACLs vulnerability.", "modified": "2018-10-17T00:00:00", "published": "2016-04-06T00:00:00", "id": "OPENVAS:1361412562310807711", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310807711", "type": "openvas", "title": "Samba Overwrite ACLs Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_samba_overwrite_acl_vuln.nasl 11938 2018-10-17 10:08:39Z asteins $\n#\n# Samba Overwrite ACLs Vulnerability\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:samba:samba\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807711\");\n script_version(\"$Revision: 11938 $\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-17 12:08:39 +0200 (Wed, 17 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-06 16:24:53 +0530 (Wed, 06 Apr 2016)\");\n script_name(\"Samba Overwrite ACLs Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n 
script_dependencies(\"smb_nativelanman.nasl\", \"gb_samba_detect.nasl\");\n script_mandatory_keys(\"samba/smb_or_ssh/detected\");\n\n script_tag(name:\"summary\", value:\"This host is running Samba and is prone\n to overwrite ACLs vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an improper handling\n of the request, a UNIX SMB1 call, to create a symlink.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a remote\n attacker to gain access to an arbitrary file or directory by overwriting its\n ACL.\");\n\n script_tag(name:\"affected\", value:\"Samba versions 3.2.x and 4.x before 4.1.23,\n 4.2.x before 4.2.9, 4.3.x before 4.3.6 and 4.4.x before 4.4.0rc4.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Samba version 4.1.23 or 4.2.9\n or 4.3.6 or 4.4.0rc4 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security/CVE-2015-7560.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nvers = infos['version'];\nloc = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"3.2.0\", test_version2:\"4.1.22\" ) ) {\n fix = \"4.1.23\";\n VULN = TRUE ;\n} else if( version_in_range( version:vers, test_version:\"4.2.0\", test_version2:\"4.2.8\" ) ) {\n fix = \"4.2.9\";\n VULN = TRUE ;\n} else if( version_in_range( version:vers, test_version:\"4.3.0\", test_version2:\"4.3.5\" ) ) {\n fix = \"4.3.6\";\n VULN = TRUE ;\n} else if( version_in_range( version:vers, test_version:\"4.4.0\", test_version2:\"4.4.0rc3\" ) ) {\n fix = \"4.4.0rc4\";\n VULN = TRUE ;\n}\n\nif( VULN ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix, install_path:loc );\n security_message( data:report, port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "description": "Check the version of ctdb", "modified": "2019-03-08T00:00:00", "published": "2016-03-16T00:00:00", "id": "OPENVAS:1361412562310882422", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882422", "type": "openvas", "title": "CentOS Update for ctdb CESA-2016:0448 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ctdb CESA-2016:0448 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882422\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-16 06:09:36 +0100 (Wed, 16 Mar 2016)\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ctdb CESA-2016:0448 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ctdb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing this\nupdate, the smb service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"ctdb on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0448\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-March/021732.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ctdb\", rpm:\"ctdb~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ctdb-devel\", rpm:\"ctdb-devel~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ctdb-tests\", rpm:\"ctdb-tests~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient\", rpm:\"libsmbclient~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient\", rpm:\"libwbclient~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~4.2.3~12.el7_2\", 
rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-client-libs\", rpm:\"samba-client-libs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common\", rpm:\"samba-common~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common-libs\", rpm:\"samba-common-libs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-common-tools\", rpm:\"samba-common-tools~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-dc\", rpm:\"samba-dc~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-dc-libs\", rpm:\"samba-dc-libs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-pidl\", rpm:\"samba-pidl~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"samba-test\", rpm:\"samba-test~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-test-devel\", rpm:\"samba-test-devel~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-test-libs\", rpm:\"samba-test-libs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-vfs-glusterfs\", rpm:\"samba-vfs-glusterfs~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-clients\", rpm:\"samba-winbind-clients~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-krb5-locator\", rpm:\"samba-winbind-krb5-locator~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"samba-winbind-modules\", rpm:\"samba-winbind-modules~4.2.3~12.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-04-11T00:00:00", "id": "OPENVAS:1361412562310807320", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807320", "type": "openvas", "title": "Fedora Update for samba FEDORA-2016-4", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# Fedora Update for samba FEDORA-2016-4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807320\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-11 14:52:20 +0200 (Mon, 11 Apr 2016)\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for samba FEDORA-2016-4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"samba on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-4\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-March/180000.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.4.0~0.7.rc4.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-01-31T18:35:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-03-19T00:00:00", "id": "OPENVAS:1361412562310851246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851246", "type": "openvas", "title": "SUSE: Security Advisory for samba (SUSE-SU-2016:0814-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851246\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-03-19 06:18:14 +0100 (Sat, 19 Mar 2016)\");\n script_cve_id(\"CVE-2015-7560\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for samba (SUSE-SU-2016:0814-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for samba fixes the following issues:\n\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target. 
(bso#11648 bsc#968222)\n\n Also the following bugs were fixed:\n\n - Add quotes around path of update-apparmor-samba-profile (bsc#962177).\n\n - Prevent access denied if the share path is '/' (bso#11647)\n (bsc#960249).\n\n - Ensure samlogon fallback requests are rerouted after kerberos failure\n (bsc#953382).\n\n - samba: winbind crash - netlogon_creds_client_authenticator\n (bsc#953972).\");\n\n script_tag(name:\"affected\", value:\"samba on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:0814-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", 
rpm:\"libdcerpc0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.1.12~18.8.1\", 
rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-32bit\", rpm:\"libpdb0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0\", rpm:\"libpdb0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo-32bit\", rpm:\"libpdb0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo\", rpm:\"libpdb0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.1.12~18.8.1\", 
rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.1.12~18.8.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n 
exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0\", rpm:\"libgensec0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo\", rpm:\"libgensec0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0\", rpm:\"libpdb0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo\", rpm:\"libpdb0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0\", rpm:\"libregistry0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libregistry0-debuginfo\", rpm:\"libregistry0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.1.12~18.8.1\", 
rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0\", rpm:\"libsmbclient-raw0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo\", rpm:\"libsmbclient-raw0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"samba\", rpm:\"samba~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-32bit\", rpm:\"libgensec0-32bit~4.1.12~18.8.1\", 
rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libgensec0-debuginfo-32bit\", rpm:\"libgensec0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-32bit\", rpm:\"libpdb0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpdb0-debuginfo-32bit\", 
rpm:\"libpdb0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-32bit\", rpm:\"libsmbclient-raw0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-raw0-debuginfo-32bit\", rpm:\"libsmbclient-raw0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", 
rpm:\"libsmbclient0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-32bit\", rpm:\"samba-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo-32bit\", rpm:\"samba-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.1.12~18.8.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T11:27:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "description": "This update for samba fixes the following issues:\n\n Version update to 4.1.23.\n + Getting and setting Windows ACLs on symlinks can change permissions on\n link target; CVE-2015-7560; (bso#11648); (boo#968222).\n + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;\n (bso#11128); (bso#11686); (boo#968223).\n\n Also fixed:\n - Ensure samlogon fallback requests are rerouted after kerberos failure;\n (bnc#953382); (bnc#953972).\n\n", "edition": 1, "modified": "2016-03-18T14:12:36", "published": "2016-03-18T14:12:36", "id": "OPENSUSE-SU-2016:0813-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00063.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:50:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "This 
update for samba fixes the following issues:\n\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target. (bso#11648 bsc#968222)\n\n Also the following bugs were fixed:\n - Add quotes around path of update-apparmor-samba-profile; (bsc#962177).\n - Prevent access denied if the share path is "/"; (bso#11647);\n (bsc#960249).\n - Ensure samlogon fallback requests are rerouted after kerberos failure;\n (bsc#953382).\n - samba: winbind crash -> netlogon_creds_client_authenticator;\n (bsc#953972).\n\n", "edition": 1, "modified": "2016-03-18T14:13:43", "published": "2016-03-18T14:13:43", "id": "SUSE-SU-2016:0814-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00064.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:43:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "This update for the samba server fixes the following issues:\n\n Security issue fixed:\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target; (bso#11648); (bsc#968222).\n\n Other bugs fixed:\n - Enable clustering (CTDB) support; (bsc#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (bsc#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install 
async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Add quotes around path of update-apparmor-samba-profile; (bsc#962177).\n - Prevent access denied if the share path is "/"; (bso#11647);\n (bsc#960249).\n - Ensure samlogon fallback requests are rerouted after kerberos failure;\n (bsc#953972).\n - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "edition": 1, "modified": "2016-03-24T15:09:29", "published": "2016-03-24T15:09:29", "id": "OPENSUSE-SU-2016:0877-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00090.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:38:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "This update for samba fixes the following issues:\n\n Security issue fixed:\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target; (bso#11648); (bsc#968222).\n\n Bug fixed:\n - Fix leaking memory in libsmbclient: Add missing talloc stackframe;\n (bso#11177); (bsc#967017).\n\n", "edition": 1, "modified": "2016-03-21T14:12:37", "published": "2016-03-21T14:12:37", "id": "SUSE-SU-2016:0837-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00081.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:13:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], 
"description": "This update for samba fixes the following issues:\n\n Security issue fixed:\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target; (bso#11648); (bsc#968222).\n\n Bugs fixed:\n - Fix leaking memory in libsmbclient: Add missing talloc stackframe;\n (bso#11177); (bsc#967017).\n - Ensure samlogon fallback requests are rerouted after kerberos failure;\n (bsc#953382).\n - Ensure attempt to ssh into locked account triggers "Your account is\n disabled....." to the console; (bsc#953382).\n - Make the winbind package depend on the matching libwbclient version and\n vice versa; (bsc#936909).\n\n", "edition": 1, "modified": "2016-03-29T17:07:14", "published": "2016-03-29T17:07:14", "id": "SUSE-SU-2016:0905-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00092.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:56:09", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "This update for the samba server fixes the following issues:\n\n Security issue fixed:\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target; (bso#11648); (bsc#968222).\n\n Other bugs fixed:\n - Enable clustering (CTDB) support; (bsc#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (bsc#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce 
the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Add quotes around path of update-apparmor-samba-profile; (bsc#962177).\n - Prevent access denied if the share path is "/"; (bso#11647);\n (bsc#960249).\n - Ensure samlogon fallback requests are rerouted after kerberos failure;\n (bsc#953972).\n - samba: winbind crash -> netlogon_creds_client_authenticator; (bsc#953972)\n\n", "edition": 1, "modified": "2016-03-18T14:19:21", "published": "2016-03-18T14:19:21", "id": "SUSE-SU-2016:0816-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00065.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T11:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2015-3223", "CVE-2015-7560", "CVE-2015-5296", "CVE-2015-8467", "CVE-2015-5252", "CVE-2016-2110", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2014-8143", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "description": "samba was updated to version 4.2.4 to fix 14 security issues.\n\n These security issues were fixed:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP conenctions were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS 
certificate validation were missing (bsc#973034).\n - CVE-2016-2115: Named pipe IPC were vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n were possible (bsc#971965).\n - CVE-2015-3223: Malicious request can cause Samba LDAP server to hang,\n spinning using CPU (boo#958581).\n - CVE-2015-5330: Remote read memory exploit in LDB (boo#958586).\n - CVE-2015-5252: Insufficient symlink verification (file access outside\n the share)(boo#958582).\n - CVE-2015-5296: No man in the middle protection when forcing smb\n encryption on the client side (boo#958584).\n - CVE-2015-5299: Currently the snapshot browsing is not secure thru\n windows previous version (shadow_copy2) (boo#958583).\n - CVE-2015-8467: Fix Microsoft MS15-096 to prevent machine accounts from\n being changed into user accounts (boo#958585).\n - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change\n permissions on link target (boo#968222).\n\n These non-security issues were fixed:\n - Fix samba.tests.messaging test and prevent potential tdb corruption by\n removing obsolete now invalid tdb_close call; (boo#974629).\n - Align fsrvp feature sources with upstream version.\n - Obsolete libsmbsharemodes0 from samba-libs and libsmbsharemodes-devel\n from samba-core-devel; (boo#973832).\n - s3:utils/smbget: Fix recursive download; (bso#6482).\n - s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem\n with no ACL support; (bso#10489).\n - docs: Add example for domain logins to smbspool man page; (bso#11643).\n - s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).\n - loadparm: Fix memory leak issue; (bso#11708).\n - lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).\n - ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";\n (bso#11719).\n - s3:smbd:open: Skip redundant call to file_set_dosmode when creating a\n new file; (bso#11727).\n - param: Fix str_list_v3 to accept ";" 
again; (bso#11732).\n - Real memeory leak(buildup) issue in loadparm; (bso#11740).\n - Obsolete libsmbclient from libsmbclient0 and libpdb-devel from\n libsamba-passdb-devel while not providing it; (boo#972197).\n - Upgrade on-disk FSRVP server state to new version; (boo#924519).\n - Only obsolete but do not provide gplv2/3 package names; (boo#968973).\n - Enable clustering (CTDB) support; (boo#966271).\n - s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);\n (boo#964023).\n - vfs_fruit: Fix renaming directories with open files; (bso#11065).\n - Fix MacOS finder error 36 when copying folder to Samba; (bso#11347).\n - s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;\n (bso#11400).\n - Fix copying files with vfs_fruit when using vfs_streams_xattr without\n stream prefix and type suffix; (bso#11466).\n - s3:libsmb: Correctly initialize the list head when keeping a list of\n primary followed by DFS connections; (bso#11624).\n - Reduce the memory footprint of empty string options; (bso#11625).\n - lib/async_req: Do not install async_connect_send_test; (bso#11639).\n - docs: Fix typos in man vfs_gpfs; (bso#11641).\n - smbd: make "hide dot files" option work with "store dos attributes =\n yes"; (bso#11645).\n - smbcacls: Fix uninitialized variable; (bso#11682).\n - s3:smbd: Ignore initial allocation size for directory creation;\n (bso#11684).\n - Changing log level of two entries to from 1 to 3; (bso#9912).\n - vfs_gpfs: Re-enable share modes; (bso#11243).\n - wafsamba: Also build libraries with RELRO protection; (bso#11346).\n - ctdb: Strip trailing spaces from nodes file; (bso#11365).\n - s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute\n type of zero; (bso#11452).\n - nss_wins: Do not run into use after free issues when we access memory\n allocated on the globals and the global being reinitialized; (bso#11563).\n - async_req: Fix non-blocking connect(); (bso#11564).\n - auth: gensec: Fix a memory leak; 
(bso#11565).\n - lib: util: Make non-critical message a warning; (bso#11566).\n - Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);\n (boo#949022).\n - smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).\n - ctdb: Open the RO tracking db with perms 0600 instead of 0000;\n (bso#11577).\n - manpage: Correct small typo error; (bso#11584).\n - s3: smbd: If EA's are turned off on a share don't allow an SMB2 create\n containing them; (bso#11589).\n - Backport some valgrind fixes from upstream master; (bso#11597).\n - s3: smbd: have_file_open_below() fails to enumerate open files below an\n open directory handle; (bso#11615).\n - docs: Fix some typos in the idmap config section of man 5 smb.conf;\n (bso#11619).\n - Remove redundant configure options while adding with-relro.\n - s3: smbd: Fix our access-based enumeration on "hide unreadable" to match\n Windows; (bso#10252).\n - smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).\n - kerberos: Make sure we only use prompter type when available;\n (bso#11038).\n - s3:ctdbd_conn: Make sure we destroy tevent_fd before closing the socket;\n (bso#11316).\n - dcerpc.idl: accept invalid dcerpc_bind_nak pdus; (bso#11327).\n - Fix a deadlock in tdb; (bso#11381).\n - s3: smbd: Fix mkdir race condition; (bso#11486).\n - pam_winbind: Fix a segfault if initialization fails; (bso#11502).\n - s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).\n - s3: smbd: Fix opening/creating :stream files on the root share\n directory; (bso#11522).\n - net: Fix a crash with 'net ads keytab create'; (bso#11528).\n - s3: smbd: Fix a crash in unix_convert() and a NULL pointer bug\n introduced by previous 'raw' stream fix (bso#11522); (bso#11535).\n - vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).\n - vfs_commit: Set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).\n - Fix bug in smbstatus where the lease info is not printed; (bso#11549).\n - s3:smbstatus: Add stream 
name to share_entry_forall(); (bso#11550).\n - Relocate the tmpfiles.d directory to the client package; (boo#947552).\n - Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf\n instead; (boo#942716).\n - Package /var/lib/samba/private/sock with 0700 permissions; (boo#946051).\n - auth/credentials: If credentials have principal set, they are not\n anonymous anymore; (bso#11265).\n - Fix stream names with colon with "fruit:encoding = native"; (bso#11278).\n - s4:rpc_server/netlogon: Fix for NetApp; (bso#11291).\n - lib: Fix rundown of open_socket_out(); (bso#11316).\n - s3:lib: Fix some corner cases of open_socket_out_cleanup(); (bso#11316).\n - vfs:fruit: Implement copyfile style copy_chunk; (bso#11317).\n - ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM;\n (bso#11398).\n - ctdb-scripts: Support monitoring of interestingly named VLANs on bonds;\n (bso#11399).\n - ctdb-daemon: Improve error handling for running event scripts;\n (bso#11431).\n - ctdb-daemon: Check if updates are in flight when releasing all IPs;\n (bso#11432).\n - ctdb-build: Fix building of PCP PMDA module; (bso#11435).\n - Backport dcesrv_netr_DsRGetDCNameEx2 fixes; (bso#11454).\n - vfs_fruit: Handling of empty resource fork; (bso#11467).\n - Avoid quoting problems in user's DNs; (bso#11488).\n - s3-auth: Fix "map to guest = Bad uid"; (bso#9862).\n - s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).\n - s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).\n - winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).\n - Logon via MS Remote Desktop hangs; (bso#11061).\n - s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).\n - tevent: Add a note to tevent_add_fd(); (bso#11141).\n - s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).\n - s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).\n - smbd: Fix a use-after-free; (bso#11218); (boo#919309).\n - s3-rpc_server: Fix 
rpc_create_tcpip_sockets() processing of interfaces;\n (bso#11245).\n - s3:smb2: Add padding to last command in compound requests; (bso#11277).\n - Add IPv6 support to ADS client side LDAP connects; (bso#11281).\n - Add IPv6 support for determining FQDN during ADS join; (bso#11282).\n - s3: IPv6 enabled DNS connections for ADS client; (bso#11283).\n - Fix invalid write in ctdb_lock_context_destructor; (bso#11293).\n - Excessive cli_resolve_path() usage can slow down transmission;\n (bso#11295).\n - vfs_fruit: Add option "veto_appledouble"; (bso#11305).\n - tstream: Make socketpair nonblocking; (bso#11312).\n - idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).\n - Group creation: Add msSFU30Name only when --nis-domain was given;\n (bso#11315).\n - tevent_fd needs to be destroyed before closing the fd; (bso#11316).\n - Build fails on Solaris 11 with "\u2018PTHREAD_MUTEX_ROBUST\u2019 undeclared";\n (bso#11319).\n - smbd/trans2: Add a useful diagnostic for files with bad encoding;\n (bso#11323).\n - Change sharesec output back to previous format; (bso#11324).\n - Robust mutex support broken in 1.3.5; (bso#11326).\n - Kerberos auth info3 should contain resource group ids available from\n pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info\n exists in PAC; (bso#11328); (boo#912457).\n - s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).\n - tevent: Fix CID 1035381 Unchecked return value; (bso#11330).\n - tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).\n - s3: smbd: Use separate flag to track become_root()/unbecome_root()\n state; (bso#11339).\n - s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).\n - pidl: Make the compilation of PIDL producing the same results if the\n content hasn't changed; (bso#11356).\n - winbindd: Disconnect child process if request is cancelled at main\n process; (bso#11358).\n - vfs_fruit: Check offset and 
length for AFP_AfpInfo read requests;\n (bso#11363).\n - docs: Overhaul the description of "smb encrypt" to include SMB3\n encryption; (bso#11366).\n - s3:auth_domain: Fix talloc problem in\n connect_to_domain_password_server(); (bso#11367).\n - ncacn_http: Fix GNUism; (bso#11371).\n - Backport changes to use resource group sids obtained from pac\n logon_info; (bso#11328); (boo#912457).\n - Order winbind.service Before and Want nss-user-lookup target.\n - s3:smbXsrv: refactor duplicate code into\n smbXsrv_session_clear_and_logoff(); (bso#11182).\n - gencache: don't fail gencache_stabilize if there were records to delete;\n (bso#11260).\n - s3: libsmbclient: After getting attribute server, ensure main srv\n pointer is still valid; (bso#11186).\n - s4: rpc: Refactor dcesrv_alter() function into setup and send steps;\n (bso#11236).\n - s3: smbd: Incorrect file size returned in the response of\n "FILE_SUPERSEDE Create"; (bso#11240).\n - Mangled names do not work with acl_xattr; (bso#11249).\n - nmbd rewrites browse.dat when not required; (bso#11254).\n - vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;\n (bso#11213).\n - s3:smbd: Add missing tevent_req_nterror; (bso#11224).\n - vfs: kernel_flock and named streams; (bso#11243).\n - vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).\n - s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses\n are used; (bso#11284).\n - ctdb: check for talloc_asprintf() failure; (bso#11201).\n - spoolss: purge the printer name cache on name change; (bso#11210);\n (boo#901813).\n - CTDB statd-callout does not scale; (bso#11204).\n - vfs_fruit: also map characters below 0x20; (bso#11221).\n - ctdb: Coverity fix for CID 1291643; (bso#11201).\n - Multiplexed RPC connections are not handled by DCERPC server;\n (bso#11225).\n - Fix terminate connection behavior for asynchronous endpoint with PUSH\n notification flavors; (bso#11226).\n - ctdb-scripts: Fix bashism in ctdbd_wrapper script; 
(bso#11007).\n - ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553;\n (bso#11201).\n - SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the\n directory is deleted; (bso#11257).\n - s3:winbindd: make sure we remove pending io requests before closing\n client\n - 'sharesec' output no longer matches input format; (bso#11237).\n - waf: Fix systemd detection; (bso#11200).\n - CTDB: Fix portability issues; (bso#11202).\n - CTDB: Fix some IPv6-related issues; (bso#11203).\n - CTDB statd-callout does not scale; (bso#11204).\n - 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you\n enter invalid values; (bso#11234).\n - libads: record service ticket endtime for sealed ldap connections;\n - lib/util: Include DEBUG macro in internal header files before\n samba_util.h; (bso#11033).\n - Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).\n - s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with\n servers that don't send the 2 unused fields; (bso#10016).\n - build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).\n - waf: Fix the build on openbsd; (bso#10476).\n - s3: client: "client use spnego principal = yes" code checks wrong name;\n - spoolss: Retrieve published printer GUID if not in registry; (bso#11018).\n - vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).\n - backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).\n - replace: Remove superfluous check for gcrypt header; (bso#11135).\n - Backport subunit changes; (bso#11137).\n - libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with\n implementation; (bso#11140).\n - s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).\n - talloc: Version 2.1.2; (bso#11144).\n - Update libwbclient version to 0.12; (bso#11149).\n - brlock: Use 0 instead of empty initializer list; (bso#11153).\n - s4:auth/gensec_gssapi: Let gensec_gssapi_update() return\n - backupkey: Use 
ndr_pull_struct_blob_all(); (bso#11174).\n - Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).\n - Prevent samba package updates from disabling samba kerberos printing.\n - Add sparse file support for samba; (fate#318424).\n - Simplify libxslt build requirement and README.SUSE install.\n - Remove no longer required cleanup steps while populating the build root.\n - smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).\n - pam_winbind: fix warn_pwd_expire implementation; (bso#9056).\n - nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).\n - Make 'profiles' work again; (bso#9629).\n - s3:smb2_server: protect against integer wrap with "smb2 max credits =\n 65535"; (bso#9702).\n - Make validate_ldb of String(Generalized-Time) accept millisecond format\n ".000Z"; (bso#9810).\n - Use -R linker flag on Solaris, not -rpath; (bso#10112).\n - vfs: Add glusterfs manpage; (bso#10240).\n - Make 'smbclient' use cached creds; (bso#10279).\n - pdb: Fix build issues with shared modules; (bso#10355).\n - s4-dns: Add support for BIND 9.10; (bso#10620).\n - idmap: Return the correct id type to *id_to_sid methods; (bso#10720).\n - printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD;\n (bso#10808).\n - Don't build vfs_snapper on FreeBSD; (bso#10834).\n - nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).\n - idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).\n - s3: smb2cli: query info return length check was reversed; (bso#10848).\n - s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).\n - lib: uid_wrapper: Fix setgroups and syscall detection on a system\n without native uid_wrapper library; (bso#10851).\n - winbind3: Fix pwent variable substitution; (bso#10852).\n - Improve samba-regedit; (bso#10859).\n - registry: Don't leave dangling transactions; (bso#10860).\n - Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).\n - build: Do not install 'texpect' binary anymore; 
(bso#10862).\n - Fix testparm to show hidden share defaults; (bso#10864).\n - libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1\n max=PROTOCOL_SMB2_02; (bso#10866).\n - Integrate CTDB into top-level Samba build; (bso#10892).\n - samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).\n - s3-nmbd: Fix netbios name truncation; (bso#10896).\n - spoolss: Fix handling of bad EnumJobs levels; (bso#10898).\n - Fix smbclient loops doing a directory listing against Mac OS X 10 server\n with a non-wildcard path; (bso#10904).\n - Fix print job enumeration; (bso#10905); (boo#898031).\n - samba-tool: Create NIS enabled users and unixHomeDirectory attribute;\n (bso#10909).\n - Add support for SMB2 leases; (bso#10911).\n - btrfs: Don't leak opened directory handle; (bso#10918).\n - s3: nmbd: Ensure NetBIOS names are only 15 characters stored;\n (bso#10920).\n - s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).\n - pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).\n - s3-keytab: fix keytab array NULL termination; (bso#10933).\n - s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).\n - Cleanup add_string_to_array and usage; (bso#10942).\n - dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).\n - Fix RootDSE search with extended dn control; (bso#10949).\n - Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).\n - libcli/smb: only force signing of smb2 session setups when binding a new\n session; (bso#10958).\n - s3-smbclient: Return success if we listed the shares; (bso#10960).\n - s3-smbstatus: Fix exit code of profile output; (bso#10961).\n - socket_wrapper: Add missing prototype check for eventfd; (bso#10965).\n - libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows\n client does; (bso#10966).\n - vfs_streams_xattr: Check stream type; (bso#10971).\n - s3: smbd: Fix *allocate* calls to follow POSIX error return convention;\n (bso#10982).\n - vfs_fruit: Add support for AAPL; 
(bso#10983).\n - Fix spoolss IDL response marshalling when returning error without\n clearing info; (bso#10984).\n - dsdb-samldb: Check for extended access rights before we allow changes to\n userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).\n - Fix IPv6 support in CTDB; (bso#10996).\n - ctdb-daemon: Use correct tdb flags when enabling robust mutex support;\n (bso#11000).\n - vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).\n - s3-util: Fix authentication with long hostnames; (bso#11008).\n - ctdb-build: Fix build without xsltproc; (bso#11014).\n - packaging: Include CTDB man pages in the tarball; (bso#11014).\n - pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;\n (bso#11016).\n - Make Sharepoint search show user documents; (bso#11022).\n - nss_wrapper: check for nss.h; (bso#11026).\n - Enable mutexes in gencache_notrans.tdb; (bso#11032).\n - tdb_wrap: Make mutexes easier to use; (bso#11032).\n - lib/util: Avoid collision which already defined consumer DEBUG macro;\n (bso#11033).\n - winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).\n - s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).\n - vfs_fruit: Fix base_fsp name conversion; (bso#11039).\n - vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).\n - Fix authentication using Kerberos (not AD); (bso#11044).\n - net: Fix sam addgroupmem; (bso#11051).\n - vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);\n (boo#913238).\n - cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).\n - utils: Fix 'net time' segfault; (bso#11058).\n - libsmb: Provide authinfo domain for encrypted session referrals;\n (bso#11059).\n - s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).\n - vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).\n - vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).\n - vfs_glusterfs: Implement AIO support; (bso#11069).\n - s3-vfs: 
Fix developer build of vfs_ceph module; (bso#11070).\n - s3: netlogon: Ensure we don't call talloc_free on an uninitialized\n pointer; (bso#11077); CVE-2015-0240; (boo#917376).\n - vfs: Add a brief vfs_ceph manpage; (bso#11088).\n - s3: smbclient: Allinfo leaves the file handle open; (bso#11094).\n - Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;\n (bso#11097).\n - debug: Set close-on-exec for the main log file FD; (bso#11100).\n - s3: smbd: leases - loosen paranoia check. Stat opens can grant leases;\n (bso#11102).\n - s3: smbd: SMB2 close. If a file has delete on close, store the return\n info before deleting; (bso#11104).\n - doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).\n - snprintf: Try to support %j; (bso#11119).\n - ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).\n - doc-xml: Add 'sharesec' reference to 'access based share enum';\n (bso#11127).\n - Fix usage of freed memory on server exit; (bso#11218); (boo#919309).\n - Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.\n - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and\n libhttp to the libs package; (boo#913547).\n - Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;\n (fate#313346).\n\n", "edition": 1, "modified": "2016-04-17T15:11:14", "published": "2016-04-17T15:11:14", "id": "OPENSUSE-SU-2016:1064-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html", "title": "Security update for samba (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2013-4496", "CVE-2015-7560", "CVE-2016-2114", "CVE-2013-4408", "CVE-2015-5296", "CVE-2015-5252", "CVE-2016-2110", "CVE-2012-6150", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2015-5370", 
"CVE-2015-5299", "CVE-2016-2111"], "description": "This update fixes these security vulnerabilities:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n - CVE-2016-2114: "server signing = mandatory" not enforced (bsc#973035).\n - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n was possible (bsc#971965).\n\n The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions\n are no longer supported by upstream. As a side effect, libpdb0 package was\n replaced by libsamba-passdb0.\n\n", "edition": 1, "modified": "2016-04-20T12:07:48", "published": "2016-04-20T12:07:48", "id": "OPENSUSE-SU-2016:1106-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2112", "CVE-2016-2118", "CVE-2013-4496", "CVE-2015-7560", "CVE-2016-2114", "CVE-2013-4408", "CVE-2015-5296", "CVE-2015-5252", "CVE-2016-2110", "CVE-2012-6150", "CVE-2016-2113", "CVE-2015-0240", "CVE-2016-2115", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "description": "This update fixes these security vulnerabilities:\n - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM\n attacks (bsc#936862).\n - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP\n 
authentication (bsc#973031).\n - CVE-2016-2111: Domain controller netlogon member computer could have\n been spoofed (bsc#973032).\n - CVE-2016-2112: LDAP connections were vulnerable to downgrade and MITM\n attack (bsc#973033).\n - CVE-2016-2113: TLS certificate validation was missing (bsc#973034).\n - CVE-2016-2114: "server signing = mandatory" not enforced (bsc#973035).\n - CVE-2016-2115: Named pipe IPC was vulnerable to MITM attacks\n (bsc#973036).\n - CVE-2016-2118: "Badlock" DCERPC impersonation of authenticated account\n was possible (bsc#971965).\n\n The openSUSE 13.1 update also upgrades to samba 4.2.4 as 4.1.x versions\n are no longer supported by upstream. As a side effect, libpdb0 package was\n replaced by libsamba-passdb0.\n\n", "edition": 1, "modified": "2016-04-20T12:11:11", "published": "2016-04-20T12:11:11", "id": "OPENSUSE-SU-2016:1107-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html", "type": "suse", "title": "Security update for samba (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:34", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "description": "New samba packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/samba-4.1.23-i486-1_slack14.1.txz: Upgraded.\n This update fixes bugs, and two security issues:\n Incorrect ACL get/set allowed on symlink path (CVE-2015-7560).\n Out-of-bounds read in internal DNS server (CVE-2016-0771).\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7560\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0771\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware 
project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.1.23-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.1.23-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.3.6-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.3.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\n283cb2636dd815191a6830a7d2df253b samba-4.1.23-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n6dfd6cf806829e2949fd669f0e1ec209 samba-4.1.23-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nc49f34d0ece3b0c867d3ab64f0fa1eb1 n/samba-4.3.6-i586-1.txz\n\nSlackware x86_64 -current package:\n1b3db192c34b7e12ea656ecc2042438b n/samba-4.3.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-4.1.23-i486-1_slack14.1.txz\n\nThen, if Samba is running restart it:\n\n > /etc/rc.d/rc.samba restart", "modified": "2016-03-08T21:14:43", "published": "2016-03-08T21:14:43", "id": "SSA-2016-068-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.357003", "type": "slackware", "title": "[slackware-security] samba", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-17T09:10:51", "description": "New samba packages are available for Slackware 14.1 and -current to\nfix security issues.", "edition": 24, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-09T00:00:00", "title": "Slackware 14.1 / current : samba (SSA:2016-068-02)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "modified": "2016-03-09T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:samba"], "id": "SLACKWARE_SSA_2016-068-02.NASL", "href": "https://www.tenable.com/plugins/nessus/89759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-068-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89759);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\");\n script_xref(name:\"SSA\", value:\"2016-068-02\");\n\n script_name(english:\"Slackware 14.1 / current : samba (SSA:2016-068-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New samba packages are available for Slackware 14.1 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.357003\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f086d36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:samba\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.1\", pkgname:\"samba\", pkgver:\"4.1.23\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"samba\", pkgver:\"4.1.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"samba\", pkgver:\"4.3.6\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"samba\", pkgver:\"4.3.6\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-01-20T12:30:11", "description": "This update for samba fixes the following issues :\n\nVersion update to 4.1.23.\n\n + Getting and setting Windows ACLs on symlinks can change\n permissions on link target; CVE-2015-7560; (bso#11648);\n (boo#968222).\n\n + Fix Out-of-bounds read in internal DNS server;\n CVE-2016-0771; (bso#11128); (bso#11686); (boo#968223).\n\nAlso fixed :\n\n - Ensure samlogon fallback requests are rerouted after\n kerberos failure; (bnc#953382); (bnc#953972).", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-21T00:00:00", "title": "openSUSE Security Update : samba (openSUSE-2016-359)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "modified": "2016-03-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", 
"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libpdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:libregistry0-32bit", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libgensec0", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw0", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libregistry-devel", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpdb0", "p-cpe:/a:novell:opensuse:libpdb-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", 
"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libgensec-devel", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libpdb0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", 
"p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbsharemodes-devel", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libsmbclient-raw-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libsmbsharemodes0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo", "p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test-devel", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libregistry0", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", 
"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"], "id": "OPENSUSE-2016-359.NASL", "href": "https://www.tenable.com/plugins/nessus/90054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-359.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90054);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\");\n\n script_name(english:\"openSUSE Security Update : samba (openSUSE-2016-359)\");\n script_summary(english:\"Check for the openSUSE-2016-359 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for samba fixes the following issues :\n\nVersion update to 4.1.23.\n\n + Getting and setting Windows ACLs on symlinks can change\n permissions on link target; CVE-2015-7560; (bso#11648);\n (boo#968222).\n\n + Fix Out-of-bounds read in internal DNS server;\n CVE-2016-0771; (bso#11128); (bso#11686); (boo#968223).\n\nAlso fixed :\n\n - Ensure samlogon fallback requests are rerouted after\n kerberos failure; (bnc#953382); (bnc#953972).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968223\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected samba packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-atsvc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgensec0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libregistry0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libregistry0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-raw0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbsharemodes0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libdcerpc-atsvc-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-atsvc0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-binding0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc-samr0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libdcerpc0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libgensec0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-krb5pac0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-nbt0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libndr-standard-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr-standard0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libndr0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libnetapi0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpdb-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpdb0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpdb0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libregistry0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-credentials0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-hostconfig0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libsamba-policy0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-policy0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamba-util0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsamdb0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient-raw0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbclient0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbconf0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbldap0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbsharemodes-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"libsmbsharemodes0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libsmbsharemodes0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libtevent-util0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libwbclient0-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-client-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-core-devel-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-debugsource-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-libs-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-pidl-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-python-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-test-devel-4.1.23-31.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"samba-winbind-debuginfo-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-atsvc0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libgensec0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"libndr-standard0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpdb0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpdb0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libregistry0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-policy0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", 
reference:\"libsamdb0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient-raw0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-debuginfo-32bit-4.1.23-31.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.1.23-31.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.1.23-31.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libdcerpc-atsvc-devel / libdcerpc-atsvc0-32bit / libdcerpc-atsvc0 / etc\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-04-01T06:02:02", "description": "According to its banner, the version of Samba running on the remote\nhost is 3.2.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to\n4.3.6, or 4.4.0 prior to 4.4.0rc4. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A security bypass vulnerability exists in the SMB1\n implementation that is triggered when a symlink created\n to a file or directory using SMB1 UNIX extensions is\n accessed using non-UNIX SMB1 calls. An authenticated,\n remote attacker can exploit this to overwrite file and\n directory ACLs. (CVE-2015-7560)\n\n - An out-of-bounds read error exists in the internal DNS\n server due to improper handling of TXT records when an\n AD DC is configured. An authenticated, remote attacker\n can exploit this, via a crafted DNS TXT record, to cause\n a crash or disclose memory contents. 
(CVE-2016-0771)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 30, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"}, "published": "2016-03-23T00:00:00", "title": "Samba 3.2.x < 4.1.23 / 4.2.x < 4.2.9 / 4.3.x < 4.3.6 / 4.4.0 < 4.4.0rc4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2016-0771"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_4_3_6.NASL", "href": "https://www.tenable.com/plugins/nessus/90098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90098);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\");\n\n script_name(english:\"Samba 3.2.x < 4.1.23 / 4.2.x < 4.2.9 / 4.3.x < 4.3.6 / 4.4.0 < 4.4.0rc4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Samba running on the remote\nhost is 3.2.x prior to 4.1.23, 4.2.x prior to 4.2.9, 4.3.x prior to\n4.3.6, or 4.4.0 prior to 4.4.0rc4. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A security bypass vulnerability exists in the SMB1\n implementation that is triggered when a symlink created\n to a file or directory using SMB1 UNIX extensions is\n accessed using non-UNIX SMB1 calls. An authenticated,\n remote attacker can exploit this to overwrite file and\n directory ACLs. (CVE-2015-7560)\n\n - An out-of-bounds read error exists in the internal DNS\n server due to improper handling of TXT records when an\n AD DC is configured. 
An authenticated, remote attacker\n can exploit this, via a crafted DNS TXT record, to cause\n a crash or disclose memory contents. (CVE-2016-0771)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2015-7560.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2016-0771.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.1.23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.2.9.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.3.6.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.1.23 / 4.2.9 / 4.3.6 / 4.4.0rc4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0771\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/23\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\n\nif (\"Samba \" >!< lanman) audit(AUDIT_NOT_LISTEN, \"Samba\", port);\n\nversion = lanman - 'Samba ';\n\nif (version =~ \"^4(\\.[1-4])?$\" || version =~ \"^3$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"Samba\", port, version);\n\nfix = NULL;\n\nregexes = make_array(-1, \"rc(\\d+)\");\n\n# Affected :\n# 3.2.x < 4.1.23\n# 4.2.x < 4.2.9\n# 4.3.x < 4.3.6\n# 4.4.0 < 4.4.0rc4\nif (\n (\n version =~ \"^3\\.\" &&\n version !~ \"^3\\.[01]\\.\"\n ) ||\n version =~ \"^4\\.[01]\\.\"\n)\n fix = '4.1.23';\nif (version =~ \"^4\\.2\\.\")\n fix = '4.2.9';\nif (version =~ \"^4\\.3\\.\")\n fix = '4.3.6';\nif (version =~ \"^4\\.4\\.\")\n fix = '4.4.0rc4';\n\nif (ver_compare(ver:version, fix:fix, regexes:regexes) < 0)\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra: report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Samba\", port, version);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T09:49:29", "description": "Several vulnerabilities have been discovered in Samba, a SMB/CIFS\nfile, print, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues :\n\n - CVE-2015-7560\n Jeremy Allison of Google, Inc. 
and the Samba Team\n discovered that Samba incorrectly handles getting and\n setting ACLs on a symlink path. An authenticated\n malicious client can use SMB1 UNIX extensions to create\n a symlink to a file or directory, and then use non-UNIX\n SMB1 calls to overwrite the contents of the ACL on the\n file or directory linked to.\n\n - CVE-2016-0771\n Garming Sam and Douglas Bagnall of Catalyst IT\n discovered that Samba is vulnerable to an out-of-bounds\n read issue during DNS TXT record handling, if Samba is\n deployed as an AD DC and chosen to run the internal DNS\n server. A remote attacker can exploit this flaw to cause\n a denial of service (Samba crash), or potentially, to\n allow leakage of memory from the server in the form of a\n DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced\ndue to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups\nwhere the share path is '/'.", "edition": 25, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-14T00:00:00", "title": "Debian DSA-3514-1 : samba - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2015-5252", "CVE-2016-0771"], "modified": "2016-03-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:samba", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3514.NASL", "href": "https://www.tenable.com/plugins/nessus/89876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3514. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89876);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7560\", \"CVE-2016-0771\");\n script_xref(name:\"DSA\", value:\"3514\");\n\n script_name(english:\"Debian DSA-3514-1 : samba - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Samba, a SMB/CIFS\nfile, print, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues :\n\n - CVE-2015-7560\n Jeremy Allison of Google, Inc. and the Samba Team\n discovered that Samba incorrectly handles getting and\n setting ACLs on a symlink path. An authenticated\n malicious client can use SMB1 UNIX extensions to create\n a symlink to a file or directory, and then use non-UNIX\n SMB1 calls to overwrite the contents of the ACL on the\n file or directory linked to.\n\n - CVE-2016-0771\n Garming Sam and Douglas Bagnall of Catalyst IT\n discovered that Samba is vulnerable to an out-of-bounds\n read issue during DNS TXT record handling, if Samba is\n deployed as an AD DC and chosen to run the internal DNS\n server. 
A remote attacker can exploit this flaw to cause\n a denial of service (Samba crash), or potentially, to\n allow leakage of memory from the server in the form of a\n DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced\ndue to the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups\nwhere the share path is '/'.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-5252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3514\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 2:3.6.6-6+deb7u7. 
The oldstable distribution (wheezy)\nis not affected by CVE-2016-0771.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 2:4.1.17+dfsg-2+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libnss-winbind\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpam-smbpass\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpam-winbind\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsmbclient\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsmbclient-dev\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwbclient-dev\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwbclient0\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-common\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-common-bin\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-dbg\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-doc\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-doc-pdf\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"samba-tools\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"smbclient\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"swat\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"winbind\", reference:\"2:3.6.6-6+deb7u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libnss-winbind\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpam-smbpass\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpam-winbind\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libparse-pidl-perl\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbclient\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbclient-dev\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbsharemodes-dev\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbsharemodes0\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwbclient-dev\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwbclient0\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-samba\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"registry-tools\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-common\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-common-bin\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dbg\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dev\", 
reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-doc\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dsdb-modules\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-libs\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-testsuite\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-vfs-modules\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"smbclient\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"winbind\", reference:\"2:4.1.17+dfsg-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2021-01-20T15:29:27", "description": "Jeremy Allison discovered that Samba incorrectly handled ACLs on\nsymlink paths. A remote attacker could use this issue to overwrite the\nownership of ACLs using symlinks. (CVE-2015-7560)\n\nGarming Sam and Douglas Bagnall discovered that the Samba internal DNS\nserver incorrectly handled certain DNS TXT records. A remote attacker\ncould use this issue to cause Samba to crash, resulting in a denial of\nservice, or possibly obtain uninitialized memory contents. This issue\nonly applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)\n\nIt was discovered that the Samba Web Administration Tool (SWAT) was\nvulnerable to clickjacking and cross-site request forgery attacks.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213,\nCVE-2013-0214).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-09T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2922-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560", "CVE-2013-0214", "CVE-2013-0213", "CVE-2016-0771"], "modified": "2016-03-09T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:swat", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2922-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2922-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89777);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0213\", \"CVE-2013-0214\", \"CVE-2015-7560\", \"CVE-2016-0771\");\n script_xref(name:\"USN\", value:\"2922-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : samba vulnerabilities (USN-2922-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeremy Allison discovered that Samba incorrectly handled ACLs on\nsymlink paths. 
A remote attacker could use this issue to overwrite the\nownership of ACLs using symlinks. (CVE-2015-7560)\n\nGarming Sam and Douglas Bagnall discovered that the Samba internal DNS\nserver incorrectly handled certain DNS TXT records. A remote attacker\ncould use this issue to cause Samba to crash, resulting in a denial of\nservice, or possibly obtain uninitialized memory contents. This issue\nonly applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)\n\nIt was discovered that the Samba Web Administration Tool (SWAT) was\nvulnerable to clickjacking and cross-site request forgery attacks.\nThis issue only affected Ubuntu 12.04 LTS. (CVE-2013-0213,\nCVE-2013-0214).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2922-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba and / or swat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:swat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"samba\", pkgver:\"2:3.6.3-2ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"swat\", pkgver:\"2:3.6.3-2ubuntu2.17\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba\", pkgver:\"2:4.1.6+dfsg-1ubuntu2.14.04.13\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"samba\", pkgver:\"2:4.1.17+dfsg-4ubuntu3.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / swat\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:49", "description": "Update to Samba 4.2.9, fixes CVE-2015-7560\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-14T00:00:00", "title": "Fedora 22 : samba-4.2.9-0.fc22 (2016-cad77a4576)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "modified": "2016-03-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:samba", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-CAD77A4576.NASL", "href": "https://www.tenable.com/plugins/nessus/89889", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-cad77a4576.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89889);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7560\");\n script_xref(name:\"FEDORA\", value:\"2016-cad77a4576\");\n\n script_name(english:\"Fedora 22 : samba-4.2.9-0.fc22 (2016-cad77a4576)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Samba 4.2.9, fixes CVE-2015-7560\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1315942\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178764.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec38e416\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected samba package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"samba-4.2.9-0.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:49:09", "description": "A flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. 
(CVE-2015-7560)\n\nAfter installing this update, the smb service will be restarted\nautomatically.", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-16T00:00:00", "title": "Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (20160315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "modified": "2016-03-16T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:samba-client-libs", "p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui", "p-cpe:/a:fermilab:scientific_linux:samba-devel", "p-cpe:/a:fermilab:scientific_linux:samba-libs", "p-cpe:/a:fermilab:scientific_linux:samba-test", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba-test-libs", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules", "p-cpe:/a:fermilab:scientific_linux:samba-dc-libs", "p-cpe:/a:fermilab:scientific_linux:samba-python", "p-cpe:/a:fermilab:scientific_linux:samba-pidl", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-swat", "p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs", "p-cpe:/a:fermilab:scientific_linux:samba-test-devel", "p-cpe:/a:fermilab:scientific_linux:samba-winbind", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba-glusterfs", "p-cpe:/a:fermilab:scientific_linux:libwbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba-dc", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libwbclient", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-doc", 
"p-cpe:/a:fermilab:scientific_linux:samba-common-tools", "p-cpe:/a:fermilab:scientific_linux:samba-common-libs"], "id": "SL_20160315_SAMBA_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/89959", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89959);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-7560\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL6.x, SL7.x i386/x86_64 (20160315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. 
(CVE-2015-7560)\n\nAfter installing this update, the smb service will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=4850\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47137a88\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsmbclient-devel-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-client-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-common-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-debuginfo-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-doc-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-domainjoin-gui-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-swat-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-clients-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-devel-3.6.23-25.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"samba-winbind-krb5-locator-3.6.23-25.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwbclient-4.2.3-12.el7_2\")) flag++;\nif 
(rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libwbclient-devel-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-client-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-client-libs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"samba-common-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-dc-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-devel-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-libs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"samba-pidl-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-python-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-test-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.3-12.el7_2\")) flag++;\nif 
(rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.3-12.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.3-12.el7_2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsmbclient / libsmbclient-devel / libwbclient / libwbclient-devel / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-04-01T05:35:32", "description": "Updated samba4 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nAll samba4 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling this update, the smb service will be restarted\nautomatically.", "edition": 30, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-16T00:00:00", "title": "RHEL 6 : samba4 (RHSA-2016:0449)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:samba4-pidl", "p-cpe:/a:redhat:enterprise_linux:samba4", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:samba4-libs", "p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba4-swat", "p-cpe:/a:redhat:enterprise_linux:samba4-winbind", "p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba4-dc", "p-cpe:/a:redhat:enterprise_linux:samba4-test", "p-cpe:/a:redhat:enterprise_linux:samba4-devel", "p-cpe:/a:redhat:enterprise_linux:samba4-common", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:samba4-python", "p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba4-client"], "id": "REDHAT-RHSA-2016-0449.NASL", "href": "https://www.tenable.com/plugins/nessus/89955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0449. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89955);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7560\");\n script_xref(name:\"RHSA\", value:\"2016:0449\");\n\n script_name(english:\"RHEL 6 : samba4 (RHSA-2016:0449)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba4 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nAll samba4 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7560\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-python\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba4-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba4-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0449\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-client-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-client-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-client-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-common-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-common-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-common-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-dc-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", 
cpu:\"s390x\", reference:\"samba4-dc-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-dc-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-dc-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-dc-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-dc-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-debuginfo-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-debuginfo-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-debuginfo-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-devel-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-devel-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-devel-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-libs-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-pidl-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-pidl-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-pidl-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-python-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"samba4-python-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-python-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-swat-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-swat-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-swat-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-test-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-test-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-test-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-clients-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-clients-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-clients-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-04-01T05:35:32", "description": "Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nAll samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling this update, the smb service will be restarted\nautomatically.", "edition": 31, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-16T00:00:00", "title": "RHEL 6 / 7 : samba (RHSA-2016:0448)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel", "cpe:/o:redhat:enterprise_linux:6.7", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:ctdb-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:samba-common", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:samba-test-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-client", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "p-cpe:/a:redhat:enterprise_linux:samba-glusterfs", 
"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:samba-swat", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-doc", "p-cpe:/a:redhat:enterprise_linux:samba-test"], "id": "REDHAT-RHSA-2016-0448.NASL", "href": "https://www.tenable.com/plugins/nessus/89954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0448. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89954);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7560\");\n script_xref(name:\"RHSA\", value:\"2016:0448\");\n\n script_name(english:\"RHEL 6 / 7 : samba (RHSA-2016:0448)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. 
An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nAll samba users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7560\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-domainjoin-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-swat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0448\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsmbclient-devel-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"samba-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-client-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-client-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-debuginfo-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-doc-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-doc-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-doc-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-domainjoin-gui-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-domainjoin-gui-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-domainjoin-gui-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-glusterfs-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-swat-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-swat-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-swat-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"samba-winbind-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-clients-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"samba-winbind-devel-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"samba-winbind-krb5-locator-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-3.6.23-25.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-3.6.23-25.el6_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"ctdb-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libsmbclient-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libsmbclient-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libwbclient-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libwbclient-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-client-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-client-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-client-libs-4.2.3-12.el7_2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", reference:\"samba-common-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-common-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-common-tools-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-dc-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-dc-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-debuginfo-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-pidl-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-python-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-python-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-test-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-test-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", 
reference:\"samba-test-libs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-winbind-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-winbind-clients-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"samba-winbind-krb5-locator-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.3-12.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"samba-winbind-modules-4.2.3-12.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / libsmbclient / libsmbclient-devel / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-04-01T05:35:32", "description": "Updated samba packages that fix one security issue and one bug are now\navailable for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux\n6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nThis update also fixes the following bug :\n\n* Under a high load, the vfs_glusterfs AIO code would hit a\nuse-after-free error and cause a crash. This update fixes the affected\ncode, and crashes no longer occur. (BZ #1315736)\n\nAll samba users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. 
After\ninstalling this update, the smb service will be restarted\nautomatically.", "edition": 30, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2016-03-17T00:00:00", "title": "RHEL 6 / 7 : Storage Server (RHSA-2016:0447)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7560"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:ctdb-devel", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:samba-test-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-test"], "id": "REDHAT-RHSA-2016-0447.NASL", "href": "https://www.tenable.com/plugins/nessus/89983", "sourceData": "#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89983);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-7560\");\n script_xref(name:\"RHSA\", value:\"2016:0447\");\n\n script_name(english:\"RHEL 6 / 7 : Storage Server (RHSA-2016:0447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated samba packages that fix one security issue and one bug are now\navailable for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux\n6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nSamba is an open source implementation of the Server Message Block\n(SMB) or Common Internet File System (CIFS) protocol, which allows\nPC-compatible machines to share files, printers, and other\ninformation.\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An\nauthenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this\nissue. Upstream acknowledges Jeremy Allison (Google) and the Samba\nteam as the original reporters.\n\nThis update also fixes the following bug :\n\n* Under a high load, the vfs_glusterfs AIO code would hit a\nuse-after-free error and cause a crash. 
This update fixes the affected\ncode, and crashes no longer occur. (BZ #1315736)\n\nAll samba users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After\ninstalling this update, the smb service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-7560\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"glusterfs-server\") || rpm_exists(release:\"RHEL7\", rpm:\"glusterfs-server\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Storage Server\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libwbclient-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libwbclient-devel-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-4.2.4-15.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-client-libs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"samba-common-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-dc-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-devel-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-libs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"samba-pidl-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-python-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.4-15.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.4-15.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"ctdb-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-devel-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ctdb-tests-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libsmbclient-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libsmbclient-devel-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libwbclient-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"libwbclient-devel-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-client-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-client-libs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"samba-common-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-libs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-common-tools-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-dc-libs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-devel-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-libs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"samba-pidl-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-python-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"samba-test-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-devel-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-test-libs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-vfs-glusterfs-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-clients-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-krb5-locator-4.2.4-15.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"samba-winbind-modules-4.2.4-15.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-devel / ctdb-tests / libsmbclient / libsmbclient-devel / etc\");\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:52:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560", "CVE-2015-5252", "CVE-2016-0771"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3514-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 12, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2015-7560 CVE-2016-0771\nDebian Bug : 812429\n\nSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. 
The Common Vulnerabilities and\nExposures project identifies the following issues:\n\nCVE-2015-7560\n\n Jeremy Allison of Google, Inc. and the Samba Team discovered that\n Samba incorrectly handles getting and setting ACLs on a symlink\n path. An authenticated malicious client can use SMB1 UNIX extensions\n to create a symlink to a file or directory, and then use non-UNIX\n SMB1 calls to overwrite the contents of the ACL on the file or\n directory linked to.\n\nCVE-2016-0771\n\n Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\n is vulnerable to an out-of-bounds read issue during DNS TXT record\n handling, if Samba is deployed as an AD DC and chosen to run the\n internal DNS server. A remote attacker can exploit this flaw to\n cause a denial of service (Samba crash), or potentially, to allow\n leakage of memory from the server in the form of a DNS TXT reply.\n\nAdditionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the\nshare path is '/'.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u7. 
The oldstable distribution (wheezy) is not\naffected by CVE-2016-0771.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.6+dfsg-1.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2016-03-12T07:24:10", "published": "2016-03-12T07:24:10", "id": "DEBIAN:DSA-3514-1:75722", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00088.html", "title": "[SECURITY] [DSA 3514-1] samba security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560", "CVE-2013-0214", "CVE-2013-0213", "CVE-2016-0771"], "description": "Jeremy Allison discovered that Samba incorrectly handled ACLs on symlink \npaths. A remote attacker could use this issue to overwrite the ownership of \nACLs using symlinks. (CVE-2015-7560)\n\nGarming Sam and Douglas Bagnall discovered that the Samba internal DNS \nserver incorrectly handled certain DNS TXT records. A remote attacker could \nuse this issue to cause Samba to crash, resulting in a denial of service, \nor possibly obtain uninitialized memory contents. This issue only applied \nto Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-0771)\n\nIt was discovered that the Samba Web Administration Tool (SWAT) was \nvulnerable to clickjacking and cross-site request forgery attacks. This \nissue only affected Ubuntu 12.04 LTS. 
(CVE-2013-0213, CVE-2013-0214)", "edition": 5, "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "USN-2922-1", "href": "https://ubuntu.com/security/notices/USN-2922-1", "title": "Samba vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "samba": [{"lastseen": "2020-12-24T13:20:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-7560"], "description": "All versions of Samba from 3.2.0 to 4.4.0rc3 inclusive are vulnerable to a malicious client overwriting the ownership of ACLs using symlinks.\nAn authenticated malicious client can use SMB1 UNIX extensions to create a symlink to a file or directory, and then use non-UNIX SMB1 calls to overwrite the contents of the ACL on the file or directory linked to.", "edition": 5, "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "SAMBA:CVE-2015-7560", "href": "https://www.samba.org/samba/security/CVE-2015-7560.html", "title": "Incorrect ACL get/set allowed on symlink path. ", "type": "samba", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T13:20:58", "bulletinFamily": "software", "cvelist": ["CVE-2016-0771"], "description": "All versions of Samba from 4.0.0 to 4.4.0rc3 inclusive, when deployed as an AD DC and chosen to run the internal DNS server, are vulnerable to an out-of-bounds read issue during DNS TXT record handling caused by users with permission to modify DNS records.\nA malicious client can upload a specially constructed DNS TXT record, resulting in a remote denial-of-service attack. 
As long as the affected TXT record remains undisturbed in the Samba database, a targeted DNS query may continue to trigger this exploit.\nWhile unlikely, the out-of-bounds read may bypass safety checks and allow leakage of memory from the server in the form of a DNS TXT reply.\nBy default only authenticated accounts can upload DNS records, as \"allow dns updates = secure only\" is the default. Any other value would allow anonymous clients to trigger this bug, which is a much higher risk.", "edition": 5, "modified": "2016-03-08T00:00:00", "published": "2016-03-08T00:00:00", "id": "SAMBA:CVE-2016-0771", "href": "https://www.samba.org/samba/security/CVE-2016-0771.html", "title": "Out-of-bounds read in internal DNS server ", "type": "samba", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "[4.0.0-68.rc4]\n- resolves: #1314670 - Fix CVE-2015-7560", "edition": 4, "modified": "2016-03-15T00:00:00", "published": "2016-03-15T00:00:00", "id": "ELSA-2016-0449", "href": "http://linux.oracle.com/errata/ELSA-2016-0449.html", "title": "samba4 security update", "type": "oraclelinux", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "[3.6.23-25.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258]\n[3.6.23-25]\n- resolves: #1314668 - Fix CVE-2015-7560", "edition": 4, "modified": "2016-03-15T00:00:00", "published": "2016-03-15T00:00:00", "id": "ELSA-2016-0448", "href": "http://linux.oracle.com/errata/ELSA-2016-0448.html", "title": "samba security update", "type": "oraclelinux", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-5330", "CVE-2016-2125", "CVE-2016-2112", 
"CVE-2016-2118", "CVE-2013-4496", "CVE-2015-7560", "CVE-2017-12150", "CVE-2016-2126", "CVE-2017-7494", "CVE-2018-1050", "CVE-2014-3493", "CVE-2017-12163", "CVE-2013-4408", "CVE-2015-5296", "CVE-2015-5252", "CVE-2017-2619", "CVE-2013-6442", "CVE-2014-0244", "CVE-2016-2110", "CVE-2012-6150", "CVE-2015-0240", "CVE-2016-2115", "CVE-2015-5370", "CVE-2015-5299", "CVE-2016-2111"], "description": "[3.6.23-51.0.1]\n- Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258]\n[3.6.24-51]\n- resolves: #1513877 - Fix memory leak in winbind\n[3.6.24-50]\n- resolves: #1553018 - Fix CVE-2018-1050\n[3.6.24-49]\n- resolves: #1536053 - Fix regression with non-wide symlinks to directories\n[3.6.24-48]\n- resolves: #1519884 - Fix segfault in winbind when querying groups\n[3.6.24-47]\n- resolves: #1413484 - Fix guest login with signing required\n[3.6.24-46]\n- resolves: #1509455 - Fix regression of CVE-2017-2619\n[3.6.24-45]\n- resolves: #1491211 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163\n[3.6.24-44]\n- resolves: #1451105 - Fix trusted domain handling in winbind\n- resolves: #1431000 - Fix crash while trying to authenticate with a disabled\n account\n- resolves: #1467395 - Add 'winbind request timeout' option\n[3.6.23-43]\n- resolves: #1450783 - Fix CVE-2017-7494\n[3.6.23-42]\n- resolves: #1391256 - Performance issues with vfs_dirsort and extended\n attributes\n[3.6.23-41]\n- resolves: #1413672 - Auth regression after secret changed\n[3.6.23-40]\n- resolves: #1405356 - CVE-2016-2125 CVE-2016-2126\n[3.6.23-39]\n- resolves: #1297805 - Fix issues with printer unpublishing from AD\n[3.6.23-38]\n- resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for\n empty list\n[3.6.23-37]\n- resolves: #1380151 - Fix memory leak in idmap_ad module\n- resolves: #1333561 - Fix smbclient connection issues to DFS shares\n- resolves: #1372611 - Allow ntlmsssp session key setup without signing\n (Workaround for broken NetApp and EMC NAS)\n[3.6.23-35]\n- 
resolves: #1282289 - Fix winbind memory leak with each cached creds login\n[3.6.23-34]\n- resolves: #1327697 - Fix netlogon credential checks\n- resolves: #1327746 - Fix dcerpc trailer verification\n[3.6.23-33]\n- related: #1322687 - Update CVE patchset\n[3.6.23-32]\n- related: #1322687 - Update manpages\n[3.6.23-31]\n- related: #1322687 - Update CVE patchset\n[3.6.23-30]\n- related: #1322687 - Update CVE patchset\n[3.6.23-29]\n- resolves: #1322687 - Fix CVE-2015-5370\n- resolves: #1322687 - Fix CVE-2016-2110\n- resolves: #1322687 - Fix CVE-2016-2111\n- resolves: #1322687 - Fix CVE-2016-2112\n- resolves: #1322687 - Fix CVE-2016-2115\n- resolves: #1322687 - Fix CVE-2016-2118 (Known as Badlock)\n[3.6.23-28]\n- resolves: #1305870 - Fix symlink verification\n[3.6.23-27]\n- resolves: #1314671 - Fix CVE-2015-7560\n[3.6.23-26]\n- resolves: #1211744 - Fix DFS client access with Windows Server 2008\n[3.6.23-25]\n- resolves: #1242614 - Fix unmappable S-1-18-1 sid truncates group lookups\n[3.6.23-24]\n- resolves: #1271763 - Fix segfault in NTLMv2_generate_names_blob()\n- resolves: #1261265 - Add '--no-dns-updates' option for 'net ads join'\n[3.6.23-23]\n- resolves: #1290707 - CVE-2015-5299\n- related: #1290707 - CVE-2015-5296\n- related: #1290707 - CVE-2015-5252\n- related: #1290707 - CVE-2015-5330\n[3.6.23-22]\n- resolves: #1232021 - Do not overwrite smb.conf manpage\n- resolves: #1216060 - Document netbios name length limitations\n- resolves: #1234249 - Fix 'map to guest = Bad Uid' option\n- resolves: #1219570 - Fix 'security = server' (obsolete) share access\n- resolves: #1211657 - Fix stale cache entries if a printer gets renamed\n[3.6.23-21]\n- resolves: #1252180 - Fix 'force group' with 'winbind use default domain'.\n- resolves: #1250100 - Fix segfault in pam_winbind if option parsing fails\n- resolves: #1222985 - Fix segfault with 'mangling method = hash' option\n[3.6.23-20]\n- resolves: #1164269 - Fix rpcclient timeout command.\n[3.6.23-19]\n- resolves: #1201611 - Fix 
'force user' with 'winbind use default domain'.\n[3.6.23-18]\n- resolves: #1194549 - Fix winbind caching issue and support SID compression.\n[3.6.23-17]\n- resolves: #1192211 - Fix restoring shadow copy snapshot with SMB2.\n[3.6.23-16]\n- resolves: #1117059 - Fix nss group enumeration with unresolved groups.\n[3.6.23-15]\n- resolves: #1165750 - Fix guid retrieval for published printers.\n- resolves: #1163383 - Fix 'net ads join -k' with existing keytab entries.\n- resolves: #1195456 - Fix starting daemons on read only filesystems.\n- resolves: #1138552 - Fix CPU utilization when re-reading the printcap info.\n- resolves: #1144916 - Fix smbclient NTLMv2 authentication.\n- resolves: #1164336 - Document 'sharesec' command for\n 'access based share enum' option.\n[3.6.23-14]\n- related: #1191339 - Update patchset for CVE-2015-0240.\n[3.6.23-13]\n- resolves: #1191339 - CVE-2015-0240: RCE in netlogon.\n[3.6.23-12]\n- resolves: #1127723 - Fix samlogon secure channel recovery.\n[3.6.23-11]\n- resolves: #1129006 - Add config variables to set spoolss os version.\n[3.6.23-10]\n- resolves: #1124835 - Fix dropbox share.\n[3.6.23-9]\n- related: #1053886 - Fix receiving the gecos field with winbind.\n[3.6.23-8]\n- resolves: #1110733 - Fix write operations as guest with 'security = share'.\n- resolves: #1053886 - Fix receiving the gecos field with winbind.\n[3.6.23-7]\n- resolves: #1107777 - Fix SMB2 with 'case sensitive = True'\n[3.6.23-6]\n- resolves: #1105500 - CVE-2014-0244: DoS in nmbd.\n- resolves: #1108841 - CVE-2014-3493: DoS in smbd with unicode path names.\n[3.6.23-5]\n- related: #1061301 - Only link glusterfs libraries to vfs module.\n[3.6.23-4]\n- resolves: #1051656 - Fix gecos field copy debug warning.\n- resolves: #1061301 - Add glusterfs vfs module.\n- resolves: #1087472 - Fix libsmbclient crash when HOME variable isn't set.\n- resolves: #1099443 - 'net ads testjoin' fails with IPv6.\n- resolves: #1100670 - Fix 'force user' with 'security = ads'.\n- resolves: 
#1096522 - Fix enabling SMB2 causes file operations to fail.\n[3.6.23-3]\n- resolves: #1081539 - Add timeout option to smbclient.\n[3.6.23-2]\n- resolves: #1022534 - Do not build Samba with fam support.\n- resolves: #1059301 - Fix nbt query with many components.\n- resolves: #1057332 - Fix force user with guest account.\n- resolves: #1021706 - Fix %G substitution in 'template homedir'.\n- resolves: #1040472 - Fix group expansion in service path.\n- resolves: #1069570 - Fix memory leak reading printer list.\n- resolves: #1067607 - Fix wbinfo -i with one-way trusts.\n- resolves: #1050887 - Fix 100% CPU utilization in winbindd when trying to\n free memory in winbindd_reinit_after_fork.\n- resolves: #1029000 - Fix 'force user' with 'security = ads'.\n[3.6.23-1]\n- resolves: #1073356 - Fix CVE-2013-4496, CVE-2012-6150 and CVE-2013-6442.\n- resolves: #1018038 - Fix CVE-2013-4408.\n[3.6.22-1]\n- resolves: #1003921 - Rebase Samba to 3.6.22.\n- resolves: #1035332 - Fix force user with 'security = user'.", "edition": 4, "modified": "2018-06-25T00:00:00", "published": "2018-06-25T00:00:00", "id": "ELSA-2018-1860", "href": "http://linux.oracle.com/errata/ELSA-2018-1860.html", "title": "samba security and bug fix update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. 
(CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nThis update also fixes the following bug:\n\n* Under a high load, the vfs_glusterfs AIO code would hit a use-after-free\nerror and cause a crash. This update fixes the affected code, and crashes\nno longer occur. (BZ #1315736)\n\nAll samba users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the smb service will be restarted automatically.", "modified": "2018-06-07T02:43:01", "published": "2016-03-15T16:23:15", "id": "RHSA-2016:0447", "href": "https://access.redhat.com/errata/RHSA-2016:0447", "type": "redhat", "title": "(RHSA-2016:0447) Moderate: samba security and bug fix update", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:54", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing this\nupdate, the smb service will be restarted automatically.", "modified": "2018-06-06T20:24:07", "published": "2016-03-15T16:23:23", "id": "RHSA-2016:0448", "href": "https://access.redhat.com/errata/RHSA-2016:0448", "type": "redhat", "title": "(RHSA-2016:0448) Moderate: samba security update", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:04", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba4 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, the smb service will be restarted automatically.\n", "modified": "2018-06-06T20:24:06", "published": "2016-03-15T04:00:00", "id": "RHSA-2016:0449", "href": "https://access.redhat.com/errata/RHSA-2016:0449", "type": "redhat", "title": "(RHSA-2016:0449) Moderate: samba4 security update", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. 
", "modified": "2016-03-27T01:03:41", "published": "2016-03-27T01:03:41", "id": "FEDORA:3B80760C76A4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: samba-4.4.0-0.7.rc4.fc24", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "modified": "2016-03-13T09:53:02", "published": "2016-03-13T09:53:02", "id": "FEDORA:2BC88606E7E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: samba-4.2.9-0.fc22", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "modified": "2016-03-12T11:51:27", "published": "2016-03-12T11:51:27", "id": "FEDORA:E88A5614B788", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: samba-4.3.6-0.fc23", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2020-07-17T03:29:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0448\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. 
(CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, the smb service will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033768.html\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033770.html\n\n**Affected packages:**\nctdb\nctdb-devel\nctdb-tests\nlibsmbclient\nlibsmbclient-devel\nlibwbclient\nlibwbclient-devel\nsamba\nsamba-client\nsamba-client-libs\nsamba-common\nsamba-common-libs\nsamba-common-tools\nsamba-dc\nsamba-dc-libs\nsamba-devel\nsamba-doc\nsamba-domainjoin-gui\nsamba-glusterfs\nsamba-libs\nsamba-pidl\nsamba-python\nsamba-swat\nsamba-test\nsamba-test-devel\nsamba-test-libs\nsamba-vfs-glusterfs\nsamba-winbind\nsamba-winbind-clients\nsamba-winbind-devel\nsamba-winbind-krb5-locator\nsamba-winbind-modules\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0448.html", "edition": 5, "modified": "2016-03-15T23:40:45", "published": "2016-03-15T23:34:54", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033768.html", "id": "CESA-2016:0448", "title": "ctdb, libsmbclient, libwbclient, samba security update", "type": "centos", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:27:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "**CentOS Errata and Security Advisory** CESA-2016:0449\n\n\nSamba is an open-source implementation of the Server Message Block (SMB) or\nCommon Internet File System (CIFS) protocol, which allows PC-compatible\nmachines to share files, printers, and other information.\n\nA flaw was found in the way Samba handled ACLs on symbolic links.\nAn 
authenticated user could use this flaw to gain access to an arbitrary\nfile or directory by overwriting its ACL. (CVE-2015-7560)\n\nRed Hat would like to thank the Samba project for reporting this issue.\nUpstream acknowledges Jeremy Allison (Google) and the Samba team as the\noriginal reporters.\n\nAll samba4 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, the smb service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-March/033769.html\n\n**Affected packages:**\nsamba4\nsamba4-client\nsamba4-common\nsamba4-dc\nsamba4-dc-libs\nsamba4-devel\nsamba4-libs\nsamba4-pidl\nsamba4-python\nsamba4-swat\nsamba4-test\nsamba4-winbind\nsamba4-winbind-clients\nsamba4-winbind-krb5-locator\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-0449.html", "edition": 3, "modified": "2016-03-15T23:36:02", "published": "2016-03-15T23:36:02", "href": "http://lists.centos.org/pipermail/centos-announce/2016-March/033769.html", "id": "CESA-2016:0449", "title": "samba4 security update", "type": "centos", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7560"], "description": "**Issue Overview:**\n\nA flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL.\n\n \n**Affected Packages:** \n\n\nsamba\n\n \n**Issue Correction:** \nRun _yum update samba_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n samba-test-4.2.3-12.31.amzn1.i686 \n samba-test-libs-4.2.3-12.31.amzn1.i686 \n samba-test-devel-4.2.3-12.31.amzn1.i686 \n samba-common-libs-4.2.3-12.31.amzn1.i686 \n samba-winbind-4.2.3-12.31.amzn1.i686 \n samba-libs-4.2.3-12.31.amzn1.i686 \n samba-devel-4.2.3-12.31.amzn1.i686 \n ctdb-devel-4.2.3-12.31.amzn1.i686 \n ctdb-tests-4.2.3-12.31.amzn1.i686 \n libsmbclient-4.2.3-12.31.amzn1.i686 \n samba-winbind-clients-4.2.3-12.31.amzn1.i686 \n samba-winbind-modules-4.2.3-12.31.amzn1.i686 \n samba-python-4.2.3-12.31.amzn1.i686 \n samba-client-libs-4.2.3-12.31.amzn1.i686 \n samba-4.2.3-12.31.amzn1.i686 \n samba-debuginfo-4.2.3-12.31.amzn1.i686 \n libwbclient-4.2.3-12.31.amzn1.i686 \n samba-client-4.2.3-12.31.amzn1.i686 \n samba-winbind-krb5-locator-4.2.3-12.31.amzn1.i686 \n samba-common-tools-4.2.3-12.31.amzn1.i686 \n libwbclient-devel-4.2.3-12.31.amzn1.i686 \n ctdb-4.2.3-12.31.amzn1.i686 \n libsmbclient-devel-4.2.3-12.31.amzn1.i686 \n \n noarch: \n samba-pidl-4.2.3-12.31.amzn1.noarch \n samba-common-4.2.3-12.31.amzn1.noarch \n \n src: \n samba-4.2.3-12.31.amzn1.src \n \n x86_64: \n samba-libs-4.2.3-12.31.amzn1.x86_64 \n samba-winbind-modules-4.2.3-12.31.amzn1.x86_64 \n samba-winbind-4.2.3-12.31.amzn1.x86_64 \n samba-winbind-krb5-locator-4.2.3-12.31.amzn1.x86_64 \n libwbclient-4.2.3-12.31.amzn1.x86_64 \n samba-devel-4.2.3-12.31.amzn1.x86_64 \n libwbclient-devel-4.2.3-12.31.amzn1.x86_64 \n ctdb-4.2.3-12.31.amzn1.x86_64 \n libsmbclient-devel-4.2.3-12.31.amzn1.x86_64 \n samba-winbind-clients-4.2.3-12.31.amzn1.x86_64 \n samba-python-4.2.3-12.31.amzn1.x86_64 \n ctdb-tests-4.2.3-12.31.amzn1.x86_64 \n libsmbclient-4.2.3-12.31.amzn1.x86_64 \n samba-test-4.2.3-12.31.amzn1.x86_64 \n samba-common-libs-4.2.3-12.31.amzn1.x86_64 \n samba-test-devel-4.2.3-12.31.amzn1.x86_64 \n ctdb-devel-4.2.3-12.31.amzn1.x86_64 \n samba-4.2.3-12.31.amzn1.x86_64 \n samba-client-libs-4.2.3-12.31.amzn1.x86_64 \n samba-common-tools-4.2.3-12.31.amzn1.x86_64 \n 
samba-client-4.2.3-12.31.amzn1.x86_64 \n samba-test-libs-4.2.3-12.31.amzn1.x86_64 \n samba-debuginfo-4.2.3-12.31.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-03-29T15:30:00", "published": "2016-03-29T15:30:00", "id": "ALAS-2016-674", "href": "https://alas.aws.amazon.com/ALAS-2016-674.html", "title": "Medium: samba", "type": "amazon", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}]}