{"id": "FEDORA:0A0956045A18", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 26 Update: heimdal-7.4.0-1.fc26", "description": "Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec (rfc1510 and successors) including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for ticket delegation (S4U2Self, S4U2Proxy). This package can coexist with MIT Kerberos 5 packages. Hesiod is disabled by default since it is deemed too big a security risk by the packager. ", "published": "2017-07-23T04:00:38", "modified": "2017-07-23T04:00:38", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2017-11103"], "lastseen": "2020-12-21T08:17:54", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-11103"]}, {"type": "f5", "idList": ["F5:K50314830"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873001", "OPENVAS:1361412562310872903", "OPENVAS:1361412562310843242", "OPENVAS:1361412562310843243", "OPENVAS:703912", "OPENVAS:1361412562310851602", "OPENVAS:1361412562310891027", "OPENVAS:703909", "OPENVAS:1361412562310703909", "OPENVAS:1361412562310703912"]}, {"type": "fedora", "idList": ["FEDORA:D55AE6075B3D"]}, {"type": "slackware", "idList": ["SSA-2017-195-02"]}, {"type": "samba", "idList": ["SAMBA:CVE-2017-11103(HEIMDAL)"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3912-1:7E679", "DEBIAN:DLA-1027-1:8D27C", "DEBIAN:DSA-3909-1:5F09A"]}, {"type": "nessus", "idList": ["SAMBA_4_6_6.NASL", "DEBIAN_DLA-1027.NASL", "UBUNTU_USN-3353-1.NASL", "OPENSUSE-2017-987.NASL", "DEBIAN_DSA-3909.NASL", "FEDORA_2017-5D6A9E0C9C.NASL", "FREEBSD_PKG_85851E4F67D911E7BC3700505689D4AE.NASL", "DEBIAN_DSA-3912.NASL", "SUSE_SU-2017-2237-1.NASL", "UBUNTU_USN-3353-2.NASL"]}, {"type": "ubuntu", "idList": ["USN-3353-2", "USN-3353-1", "USN-3353-3", "USN-3353-4"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2237-1", "OPENSUSE-SU-2017:2311-1"]}, {"type": "freebsd", "idList": ["85851E4F-67D9-11E7-BC37-00505689D4AE"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:9BFEEE7CDA0C7EC05BB66A53A89CC49D"]}, {"type": "cisa", "idList": ["CISA:F55DAC81E41CEEB397FF101A6BFE212E"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787968"]}, {"type": "apple", "idList": ["APPLE:HT208221", "APPLE:HT208144", "APPLE:HT208112"]}], "modified": "2020-12-21T08:17:54", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-12-21T08:17:54", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "26", "arch": "any", "packageName": "heimdal", "packageVersion": "7.4.0", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T06:36:32", "description": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.", "edition": 9, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-07-13T13:29:00", "title": "CVE-2017-11103", "type": "cve", "cwe": ["CWE-345"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11103"], "modified": "2020-08-18T15:05:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:freebsd:freebsd:-", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-11103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11103", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2019-02-20T21:07:52", "bulletinFamily": "software", "cvelist": ["CVE-2017-11103"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.3.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-09-28T01:06:00", "published": "2017-08-08T00:02:00", "id": "F5:K50314830", "href": "https://support.f5.com/csp/article/K50314830", "title": "Samba MITM vulnerability CVE-2017-11103", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-01-29T20:07:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in Heimdal Kerberos. Also known as\nOrpheus", "modified": "2020-01-29T00:00:00", "published": "2018-02-05T00:00:00", "id": "OPENVAS:1361412562310891027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891027", "type": "openvas", "title": "Debian LTS: Security Advisory for heimdal (DLA-1027-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891027\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-11103\");\n script_name(\"Debian LTS: Security Advisory for heimdal (DLA-1027-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-05 00:00:00 +0100 (Mon, 05 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"heimdal on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.6~git20120403+dfsg1-2+deb7u1.\n\nWe recommend that you upgrade your heimdal packages.\");\n\n script_tag(name:\"summary\", value:\"Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in Heimdal Kerberos. Also known as\nOrpheus' Lyre, this vulnerability could be used by an attacker to mount\na service impersonation attack on the client if he's on the network\npath between the client and the service.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-clients\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-clients-x\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-dbg\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-dev\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-docs\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-kcm\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-kdc\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-multidev\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-servers\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"heimdal-servers-x\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libasn1-8-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libgssapi3-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libhcrypto4-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libhdb9-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libheimbase1-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libheimntlm0-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libhx509-5-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkadm5clnt7-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkadm5srv8-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkafs0-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkdc2-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libkrb5-26-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libotp0-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libroken18-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libsl0-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libwind0-heimdal\", ver:\"1.6~git20120403+dfsg1-2+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-07-24T00:00:00", "id": "OPENVAS:1361412562310872903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872903", "type": "openvas", "title": "Fedora Update for heimdal FEDORA-2017-5d6a9e0c9c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_5d6a9e0c9c_heimdal_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for heimdal FEDORA-2017-5d6a9e0c9c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872903\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-24 05:48:21 +0200 (Mon, 24 Jul 2017)\");\n script_cve_id(\"CVE-2017-11103\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for heimdal FEDORA-2017-5d6a9e0c9c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'heimdal'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"heimdal on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-5d6a9e0c9c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7E5QNDLMCSOSSGNQUHVIJEF3LLFR4YUW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"heimdal\", rpm:\"heimdal~7.4.0~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-16T00:00:00", "id": "OPENVAS:1361412562310843242", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843242", "type": "openvas", "title": "Ubuntu Update for heimdal USN-3353-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3353_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for heimdal USN-3353-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843242\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 07:22:38 +0200 (Sun, 16 Jul 2017)\");\n script_cve_id(\"CVE-2017-11103\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for heimdal USN-3353-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'heimdal'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jeffrey Altman, Viktor Dukhovni, and Nicolas\nWilliams discovered that Heimdal clients incorrectly trusted unauthenticated\nportions of Kerberos tickets. A remote attacker could use this to impersonate\ntrusted network services or perform other attacks.\");\n script_tag(name:\"affected\", value:\"heimdal on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3353-1\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3353-1\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:amd64\", ver:\"1.6~git20131207+dfsg-1ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:i386\", ver:\"1.6~git20131207+dfsg-1ubuntu1.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:amd64\", ver:\"7.1.0+dfsg-9ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:i386\", ver:\"7.1.0+dfsg-9ubuntu1.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:amd64\", ver:\"1.7~git20150920+dfsg-4ubuntu1.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:i386\", ver:\"1.7~git20150920+dfsg-4ubuntu1.16.10.1\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:amd64\", ver:\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal:i386\", ver:\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.", "modified": "2019-03-18T00:00:00", "published": "2017-07-16T00:00:00", "id": "OPENVAS:1361412562310703912", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703912", "type": "openvas", "title": "Debian Security Advisory DSA 3912-1 (heimdal - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3912.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3912-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703912\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-11103\");\n script_name(\"Debian Security Advisory DSA 3912-1 (heimdal - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 00:00:00 +0200 (Sun, 16 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3912.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"heimdal on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6~rc2+dfsg-9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.1.0+dfsg-13+deb9u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.4.0.dfsg.1-1.\n\nWe recommend that you upgrade your heimdal packages.\");\n script_tag(name:\"summary\", value:\"Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"heimdal-clients\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-dbg\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-dev\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-docs\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-kcm\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-kdc\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-multidev\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-servers\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libasn1-8-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgssapi3-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhcrypto4-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhdb9-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libheimbase1-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libheimntlm0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhx509-5-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkadm5clnt7-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkadm5srv8-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkafs0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkdc2-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libotp0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libroken18-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsl0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwind0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-clients\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-clients-x\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-dbg\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-dev\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-docs\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-kcm\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-kdc\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-multidev\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-servers\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"heimdal-servers-x\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libasn1-8-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libgssapi3-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhcrypto4-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhdb9-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libheimbase1-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libheimntlm0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libhx509-5-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkadm5clnt7-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkadm5srv8-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkafs0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkdc2-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libotp0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libroken18-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsl0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwind0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file, print, and\nlogin server. Also known as Orpheus", "modified": "2019-03-18T00:00:00", "published": "2017-07-14T00:00:00", "id": "OPENVAS:1361412562310703909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703909", "type": "openvas", "title": "Debian Security Advisory DSA 3909-1 (samba - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3909.nasl 14280 2019-03-18 14:50:45Z cfischer $\n# Auto-generated from advisory DSA 3909-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703909\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-11103\");\n script_name(\"Debian Security Advisory DSA 3909-1 (samba - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 00:00:00 +0200 (Fri, 14 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3909.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|10|9)\");\n script_tag(name:\"affected\", value:\"samba on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2:4.2.14+dfsg-0+deb8u7.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:4.5.8+dfsg-2+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 2:4.6.5+dfsg-4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.6.5+dfsg-4.\n\nWe recommend that you upgrade your samba packages.\");\n script_tag(name:\"summary\", value:\"Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file, print, and\nlogin server. Also known as Orpheus' Lyre, this vulnerability is located in\nSamba Kerberos Key Distribution Center (KDC-REP) component and could be used by\nan attacker on the network path to impersonate a server.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"ctdb\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-smbpass\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes-dev\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbsharemodes0\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dbg\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-doc\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-libs\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.2.14+dfsg-0+deb8u7\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ctdb\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-libs\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.6.5+dfsg-4\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ctdb\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss-winbind\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libpam-winbind\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libparse-pidl-perl\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsmbclient-dev\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient-dev\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libwbclient0\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-samba\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"registry-tools\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-common-bin\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dev\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-dsdb-modules\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-libs\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-testsuite\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"samba-vfs-modules\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"smbclient\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"winbind\", ver:\"2:4.5.8+dfsg-2+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-08-31T00:00:00", "id": "OPENVAS:1361412562310851602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851602", "type": "openvas", "title": "openSUSE: Security Advisory for samba (openSUSE-SU-2017:2311-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851602\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-31 07:46:17 +0200 (Thu, 31 Aug 2017)\");\n script_cve_id(\"CVE-2017-11103\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for samba (openSUSE-SU-2017:2311-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update provides Samba 4.6.7, which fixes the following issues:\n\n - CVE-2017-11103: Metadata were being taken from the unauthenticated\n plaintext (the Ticket) rather than the authenticated and encrypted KDC\n response. (bsc#1048278)\n\n - Fix cephwrap_chdir(). (bsc#1048790)\n\n - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb.\n (bsc#1048339)\n\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n\n - Fix non-admin cephx authentication. (bsc#1048387)\n\n - CTDB cannot start when there is no persistent database. (bsc#1052577)\n\n The CTDB resource agent was also fixed to not fail when the database is\n empty.\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\");\n\n script_tag(name:\"affected\", value:\"samba on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2311-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ctdb\", rpm:\"ctdb~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-debuginfo\", rpm:\"ctdb-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests\", rpm:\"ctdb-tests~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ctdb-tests-debuginfo\", rpm:\"ctdb-tests-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ldirectord\", rpm:\"ldirectord~4.0.1+git.1495055229.643177f1~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0\", rpm:\"libdcerpc-binding0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo\", rpm:\"libdcerpc-binding0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-devel\", rpm:\"libdcerpc-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr-devel\", rpm:\"libdcerpc-samr-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0\", rpm:\"libdcerpc-samr0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo\", rpm:\"libdcerpc-samr0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0\", rpm:\"libdcerpc0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo\", rpm:\"libdcerpc0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-devel\", rpm:\"libndr-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac-devel\", rpm:\"libndr-krb5pac-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0\", rpm:\"libndr-krb5pac0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo\", rpm:\"libndr-krb5pac0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt-devel\", rpm:\"libndr-nbt-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0\", rpm:\"libndr-nbt0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo\", rpm:\"libndr-nbt0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard-devel\", rpm:\"libndr-standard-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0\", rpm:\"libndr-standard0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo\", rpm:\"libndr-standard0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0\", rpm:\"libndr0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo\", rpm:\"libndr0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo\", rpm:\"libnetapi0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials-devel\", rpm:\"libsamba-credentials-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0\", rpm:\"libsamba-credentials0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo\", rpm:\"libsamba-credentials0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors-devel\", rpm:\"libsamba-errors-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0\", rpm:\"libsamba-errors0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-debuginfo\", rpm:\"libsamba-errors0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig-devel\", rpm:\"libsamba-hostconfig-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0\", rpm:\"libsamba-hostconfig0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo\", rpm:\"libsamba-hostconfig0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb-devel\", rpm:\"libsamba-passdb-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0\", rpm:\"libsamba-passdb0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo\", rpm:\"libsamba-passdb0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy-devel\", rpm:\"libsamba-policy-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0\", rpm:\"libsamba-policy0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo\", rpm:\"libsamba-policy0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util-devel\", rpm:\"libsamba-util-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0\", rpm:\"libsamba-util0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo\", rpm:\"libsamba-util0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb-devel\", rpm:\"libsamdb-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0\", rpm:\"libsamdb0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo\", rpm:\"libsamdb0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo\", rpm:\"libsmbclient0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf-devel\", rpm:\"libsmbconf-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0\", rpm:\"libsmbconf0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo\", rpm:\"libsmbconf0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap-devel\", rpm:\"libsmbldap-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0\", rpm:\"libsmbldap0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo\", rpm:\"libsmbldap0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util-devel\", rpm:\"libtevent-util-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0\", rpm:\"libtevent-util0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo\", rpm:\"libtevent-util0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo\", rpm:\"libwbclient0-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"resource-agents\", rpm:\"resource-agents~4.0.1+git.1495055229.643177f1~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"resource-agents-debuginfo\", rpm:\"resource-agents-debuginfo~4.0.1+git.1495055229.643177f1~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"resource-agents-debugsource\", rpm:\"resource-agents-debugsource~4.0.1+git.1495055229.643177f1~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba\", rpm:\"samba~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo\", rpm:\"samba-client-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-core-devel\", rpm:\"samba-core-devel~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debuginfo\", rpm:\"samba-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-debugsource\", rpm:\"samba-debugsource~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs\", rpm:\"samba-libs~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo\", rpm:\"samba-libs-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-pidl\", rpm:\"samba-pidl~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python\", rpm:\"samba-python~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-python-debuginfo\", rpm:\"samba-python-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test\", rpm:\"samba-test~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-test-debuginfo\", rpm:\"samba-test-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo\", rpm:\"samba-winbind-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"monitoring-plugins-metadata\", rpm:\"monitoring-plugins-metadata~4.0.1+git.1495055229.643177f1~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-doc\", rpm:\"samba-doc~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-32bit\", rpm:\"libdcerpc-binding0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-binding0-debuginfo-32bit\", rpm:\"libdcerpc-binding0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-32bit\", rpm:\"libdcerpc-samr0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc-samr0-debuginfo-32bit\", rpm:\"libdcerpc-samr0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-32bit\", rpm:\"libdcerpc0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdcerpc0-debuginfo-32bit\", rpm:\"libdcerpc0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-32bit\", rpm:\"libndr-krb5pac0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-krb5pac0-debuginfo-32bit\", rpm:\"libndr-krb5pac0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-32bit\", rpm:\"libndr-nbt0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-nbt0-debuginfo-32bit\", rpm:\"libndr-nbt0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-32bit\", rpm:\"libndr-standard0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr-standard0-debuginfo-32bit\", rpm:\"libndr-standard0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-32bit\", rpm:\"libndr0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libndr0-debuginfo-32bit\", rpm:\"libndr0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-32bit\", rpm:\"libnetapi0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libnetapi0-debuginfo-32bit\", rpm:\"libnetapi0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-32bit\", rpm:\"libsamba-credentials0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-credentials0-debuginfo-32bit\", rpm:\"libsamba-credentials0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-32bit\", rpm:\"libsamba-errors0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-errors0-debuginfo-32bit\", rpm:\"libsamba-errors0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-32bit\", rpm:\"libsamba-hostconfig0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-hostconfig0-debuginfo-32bit\", rpm:\"libsamba-hostconfig0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-32bit\", rpm:\"libsamba-passdb0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-passdb0-debuginfo-32bit\", rpm:\"libsamba-passdb0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-32bit\", rpm:\"libsamba-policy0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-policy0-debuginfo-32bit\", rpm:\"libsamba-policy0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-32bit\", rpm:\"libsamba-util0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamba-util0-debuginfo-32bit\", rpm:\"libsamba-util0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-32bit\", rpm:\"libsamdb0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsamdb0-debuginfo-32bit\", rpm:\"libsamdb0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-32bit\", rpm:\"libsmbclient0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbclient0-debuginfo-32bit\", rpm:\"libsmbclient0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-32bit\", rpm:\"libsmbconf0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbconf0-debuginfo-32bit\", rpm:\"libsmbconf0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-32bit\", rpm:\"libsmbldap0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libsmbldap0-debuginfo-32bit\", rpm:\"libsmbldap0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-32bit\", rpm:\"libtevent-util0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libtevent-util0-debuginfo-32bit\", rpm:\"libtevent-util0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-32bit\", rpm:\"libwbclient0-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libwbclient0-debuginfo-32bit\", rpm:\"libwbclient0-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-ceph\", rpm:\"samba-ceph~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-ceph-debuginfo\", rpm:\"samba-ceph-debuginfo~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-32bit\", rpm:\"samba-client-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-client-debuginfo-32bit\", rpm:\"samba-client-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-32bit\", rpm:\"samba-libs-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-libs-debuginfo-32bit\", rpm:\"samba-libs-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-32bit\", rpm:\"samba-winbind-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"samba-winbind-debuginfo-32bit\", rpm:\"samba-winbind-debuginfo-32bit~4.6.7+git.38.90b2cdb4f22~3.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873001", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873001", "type": "openvas", "title": "Fedora Update for heimdal FEDORA-2017-2afe501b36", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_2afe501b36_heimdal_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for heimdal FEDORA-2017-2afe501b36\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873001\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:09 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-11103\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for heimdal FEDORA-2017-2afe501b36\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'heimdal'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"heimdal on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2afe501b36\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFA74JEHB37VK7RHAO2T2CFBBC6M2J4L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"heimdal\", rpm:\"heimdal~7.4.0~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "This host is running Samba and is prone\n to a MITM authentication validation bypass vulnerability.", "modified": "2018-10-15T00:00:00", "published": "2017-07-13T00:00:00", "id": "OPENVAS:1361412562310811522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811522", "type": "openvas", "title": "Samba Man in the Middle Security Bypass Vulnerability (Heimdal)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_samba_mim_security_bypass_vuln.nasl 11901 2018-10-15 08:47:18Z mmartin $\n#\n# Samba Man in the Middle Security Bypass Vulnerability (Heimdal)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:samba:samba\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811522\");\n script_version(\"$Revision: 11901 $\");\n script_cve_id(\"CVE-2017-11103\");\n script_bugtraq_id(99551);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-15 10:47:18 +0200 (Mon, 15 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-13 12:28:31 +0530 (Thu, 13 Jul 2017)\");\n script_name(\"Samba Man in the Middle Security Bypass Vulnerability (Heimdal)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"smb_nativelanman.nasl\", \"gb_samba_detect.nasl\");\n script_mandatory_keys(\"samba/smb_or_ssh/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security/CVE-2017-11103.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Samba and is prone\n to a MITM authentication validation bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in function\n '_krb5_extract_ticket' where the KDC-REP service name must be obtained from\n encrypted version stored in 'enc_part' instead of the unencrypted version\n stored in 'ticket'. Use of the unecrypted version provides an opportunity\n for successful server impersonation and other attacks.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue will allow\n a MITM attacker to impersonate a trusted server and thus gain elevated access\n to the domain by returning malicious replication or authorization data.\");\n\n script_tag(name:\"affected\", value:\"All versions of Samba from 4.0.0 before\n 4.6.6 or 4.5.12 or 4.4.15.\n\n Note: All versions of Samba from 4.0.0 onwards using embedded Heimdal Kerberos.\n Samba binaries built against MIT Kerberos are not vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Samba 4.6.6 or 4.5.12 or 4.4.15\n or later or apply the patch from below.\");\n\n script_xref(name:\"URL\", value:\"https://www.samba.org/samba/security\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nvers = infos['version'];\nloc = infos['location'];\n\nif(vers =~ \"^4\\.\"){\n if(version_is_less(version:vers, test_version:\"4.4.15\")){\n fix = \"4.4.15\";\n }\n\n else if(vers =~ \"^4\\.5\" && version_is_less(version:vers, test_version:\"4.5.12\")){\n fix = \"4.5.12\";\n }\n\n else if(vers =~ \"^4\\.6\" && version_is_less(version:vers, test_version:\"4.6.6\")){\n fix = \"4.6.6\";\n }\n}\n\nif(fix){\n report = report_fixed_ver( installed_version:vers, fixed_version:fix, install_path:loc );\n security_message( data:report, port:port);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-07-16T00:00:00", "id": "OPENVAS:1361412562310843243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843243", "type": "openvas", "title": "Ubuntu Update for samba USN-3353-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3353_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for samba USN-3353-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843243\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-16 07:22:40 +0200 (Sun, 16 Jul 2017)\");\n script_cve_id(\"CVE-2017-11103\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for samba USN-3353-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'samba'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3353-1 fixed a vulnerability in\nHeimdal. This update provides the corresponding update for Samba.\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered\nthat Samba clients incorrectly trusted unauthenticated portions of\nKerberos tickets. A remote attacker could use this to impersonate\ntrusted network servers or perform other attacks.\");\n script_tag(name:\"affected\", value:\"samba on Ubuntu 17.04,\n Ubuntu 16.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3353-2\");\n script_xref(name:\"URL\", value:\"https://www.ubuntu.com/usn/usn-3353-2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.3.11+dfsg-0ubuntu0.14.04.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.3.11+dfsg-0ubuntu0.14.04.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.5.8+dfsg-0ubuntu0.17.04.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.5.8+dfsg-0ubuntu0.17.04.4\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.4.5+dfsg-2ubuntu5.8\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.4.5+dfsg-2ubuntu5.8\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:amd64\", ver:\"2:4.3.11+dfsg-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"samba-libs:i386\", ver:\"2:4.3.11+dfsg-0ubuntu0.16.04.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-08-10T11:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "description": "Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.\n\nSee https://orpheus-lyre.info/ \nfor details.", "modified": "2017-07-26T00:00:00", "published": "2017-07-16T00:00:00", "id": "OPENVAS:703912", "href": "http://plugins.openvas.org/nasl.php?oid=703912", "type": "openvas", "title": "Debian Security Advisory DSA 3912-1 (heimdal - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3912.nasl 6800 2017-07-26 06:58:22Z cfischer $\n# Auto-generated from advisory DSA 3912-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703912);\n script_version(\"$Revision: 6800 $\");\n script_cve_id(\"CVE-2017-11103\");\n script_name(\"Debian Security Advisory DSA 3912-1 (heimdal - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-26 08:58:22 +0200 (Wed, 26 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2017-07-16 00:00:00 +0200 (Sun, 16 Jul 2017)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2017/dsa-3912.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"heimdal on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6~rc2+dfsg-9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.1.0+dfsg-13+deb9u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.4.0.dfsg.1-1.\n\nWe recommend that you upgrade your heimdal packages.\");\n script_tag(name: \"summary\", value: \"Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.\n\nSee https://orpheus-lyre.info/ \nfor details.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"heimdal-clients\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-dbg\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-dev\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-docs\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-kcm\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-kdc\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-multidev\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-servers\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libasn1-8-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssapi3-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhcrypto4-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhdb9-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libheimbase1-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libheimntlm0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhx509-5-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5clnt7-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5srv8-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkafs0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkdc2-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libotp0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libroken18-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsl0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwind0-heimdal\", ver:\"7.1.0+dfsg-13+deb9u1\", rls_regex:\"DEB9.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-clients\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-clients-x\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-dbg\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-dev\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-docs\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-kcm\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-kdc\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-multidev\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-servers\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"heimdal-servers-x\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libasn1-8-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgssapi3-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhcrypto4-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhdb9-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libheimbase1-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libheimntlm0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libhx509-5-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5clnt7-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkadm5srv8-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkafs0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkdc2-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkrb5-26-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libotp0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libroken18-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsl0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libwind0-heimdal\", ver:\"1.6~rc2+dfsg-9+deb8u1\", rls_regex:\"DEB8.[0-9]+\", remove_arch:TRUE )) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "software", "cvelist": ["CVE-2017-11103"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.32\n * 3363.x versions prior to 3363.29\n * 3421.x versions prior to 3421.18\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.138.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions prior to 3312.32\n * Upgrade 3363.x versions prior to 3363.29\n * Upgrade 3421.x versions prior to 3421.18\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.138.0 or later.\n\n# References\n\n * [USN-3353-1](<http://www.ubuntu.com/usn/usn-3353-1/>)\n * [CVE-2017-11103](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11103>)\n", "edition": 5, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "CFOUNDRY:9BFEEE7CDA0C7EC05BB66A53A89CC49D", "href": "https://www.cloudfoundry.org/blog/usn-3353-1/", "title": "USN-3353-1: Heimdal vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:15:38", "description": "Update to 7.4.0 GA release (CVE-2017-11103)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-24T00:00:00", "title": "Fedora 26 : heimdal (2017-2afe501b36) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-07-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:heimdal", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-2AFE501B36.NASL", "href": "https://www.tenable.com/plugins/nessus/101915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-2afe501b36.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101915);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_xref(name:\"FEDORA\", value:\"2017-2afe501b36\");\n\n script_name(english:\"Fedora 26 : heimdal (2017-2afe501b36) (Orpheus' Lyre)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 7.4.0 GA release (CVE-2017-11103)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2afe501b36\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected heimdal package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"heimdal-7.4.0-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"heimdal\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:38:26", "description": "Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in Heimdal Kerberos. Also known as\nOrpheus' Lyre, this vulnerability could be used by an attacker to\nmount a service impersonation attack on the client if he's on the\nnetwork path between the client and the service.\n\nMore details can be found on the vulnerability website\n(https://orpheus-lyre.info/).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.6~git20120403+dfsg1-2+deb7u1.\n\nWe recommend that you upgrade your heimdal packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Debian DLA-1027-1 : heimdal security update (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:heimdal-servers", "p-cpe:/a:debian:debian_linux:libkadm5clnt7-heimdal", "p-cpe:/a:debian:debian_linux:libsl0-heimdal", "p-cpe:/a:debian:debian_linux:libkrb5-26-heimdal", "p-cpe:/a:debian:debian_linux:heimdal-dbg", "p-cpe:/a:debian:debian_linux:libkdc2-heimdal", "p-cpe:/a:debian:debian_linux:libkadm5srv8-heimdal", "p-cpe:/a:debian:debian_linux:libkafs0-heimdal", "p-cpe:/a:debian:debian_linux:libheimbase1-heimdal", "p-cpe:/a:debian:debian_linux:libasn1-8-heimdal", "p-cpe:/a:debian:debian_linux:heimdal-kdc", "p-cpe:/a:debian:debian_linux:libroken18-heimdal", "p-cpe:/a:debian:debian_linux:libgssapi3-heimdal", "p-cpe:/a:debian:debian_linux:libhdb9-heimdal", "p-cpe:/a:debian:debian_linux:heimdal-multidev", "p-cpe:/a:debian:debian_linux:heimdal-clients", "p-cpe:/a:debian:debian_linux:heimdal-kcm", "p-cpe:/a:debian:debian_linux:libhx509-5-heimdal", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:heimdal-servers-x", "p-cpe:/a:debian:debian_linux:heimdal-dev", "p-cpe:/a:debian:debian_linux:heimdal-docs", "p-cpe:/a:debian:debian_linux:libhcrypto4-heimdal", "p-cpe:/a:debian:debian_linux:libheimntlm0-heimdal", "p-cpe:/a:debian:debian_linux:libotp0-heimdal", "p-cpe:/a:debian:debian_linux:heimdal-clients-x", "p-cpe:/a:debian:debian_linux:libwind0-heimdal"], "id": "DEBIAN_DLA-1027.NASL", "href": "https://www.tenable.com/plugins/nessus/101553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1027-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101553);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11103\");\n\n script_name(english:\"Debian DLA-1027-1 : heimdal security update (Orpheus' Lyre)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in Heimdal Kerberos. Also known as\nOrpheus' Lyre, this vulnerability could be used by an attacker to\nmount a service impersonation attack on the client if he's on the\nnetwork path between the client and the service.\n\nMore details can be found on the vulnerability website\n(https://orpheus-lyre.info/).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.6~git20120403+dfsg1-2+deb7u1.\n\nWe recommend that you upgrade your heimdal packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://orpheus-lyre.info/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/heimdal\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-clients-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-kcm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-kdc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-multidev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-servers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal-servers-x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libasn1-8-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libgssapi3-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libhcrypto4-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libhdb9-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libheimbase1-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libheimntlm0-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libhx509-5-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkadm5clnt7-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkadm5srv8-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkafs0-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkdc2-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libkrb5-26-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libotp0-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libroken18-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsl0-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwind0-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-clients\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-clients-x\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-dbg\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-dev\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-docs\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-kcm\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-kdc\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-multidev\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-servers\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"heimdal-servers-x\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libasn1-8-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libgssapi3-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libhcrypto4-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libhdb9-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libheimbase1-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libheimntlm0-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libhx509-5-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkadm5clnt7-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkadm5srv8-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkafs0-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkdc2-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libkrb5-26-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libotp0-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libroken18-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libsl0-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libwind0-heimdal\", reference:\"1.6~git20120403+dfsg1-2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:50:25", "description": "Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file,\nprint, and login server. Also known as Orpheus' Lyre, this\nvulnerability is located in Samba Kerberos Key Distribution Center\n(KDC-REP) component and could be used by an attacker on the network\npath to impersonate a server.\n\nMore details can be found on the vulnerability website (\nhttps://orpheus-lyre.info/) and on the Samba project website (\nhttps://www.samba.org/samba/security/CVE-2017-11103.html)", "edition": 30, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Debian DSA-3909-1 : samba - security update (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:samba", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3909.NASL", "href": "https://www.tenable.com/plugins/nessus/101554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3909. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101554);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_xref(name:\"DSA\", value:\"3909\");\n\n script_name(english:\"Debian DSA-3909-1 : samba - security update (Orpheus' Lyre)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file,\nprint, and login server. Also known as Orpheus' Lyre, this\nvulnerability is located in Samba Kerberos Key Distribution Center\n(KDC-REP) component and could be used by an attacker on the network\npath to impersonate a server.\n\nMore details can be found on the vulnerability website (\nhttps://orpheus-lyre.info/) and on the Samba project website (\nhttps://www.samba.org/samba/security/CVE-2017-11103.html)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://orpheus-lyre.info/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2017-11103.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/samba\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3909\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the samba packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2:4.2.14+dfsg-0+deb8u7.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:4.5.8+dfsg-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libnss-winbind\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpam-smbpass\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpam-winbind\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libparse-pidl-perl\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbclient\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbclient-dev\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbsharemodes-dev\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsmbsharemodes0\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwbclient-dev\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwbclient0\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python-samba\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"registry-tools\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-common\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-common-bin\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dbg\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dev\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-doc\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-dsdb-modules\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-libs\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-testsuite\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"samba-vfs-modules\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"smbclient\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"winbind\", reference:\"2:4.2.14+dfsg-0+deb8u7\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ctdb\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss-winbind\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpam-winbind\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libparse-pidl-perl\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libsmbclient\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libsmbclient-dev\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwbclient-dev\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwbclient0\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python-samba\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"registry-tools\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-common\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-common-bin\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-dev\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-dsdb-modules\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-libs\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-testsuite\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"samba-vfs-modules\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"smbclient\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"winbind\", reference:\"2:4.5.8+dfsg-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:50:25", "description": "Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible\nwith MIT Kerberos, trusts metadata taken from the unauthenticated\nplaintext (Ticket), rather than the authenticated and encrypted KDC\nresponse. A man-in-the-middle attacker can use this flaw to\nimpersonate services to the client.\n\nSee https://orpheus-lyre.info/ for details.", "edition": 29, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Debian DSA-3912-1 : heimdal - security update (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-07-17T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:heimdal", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3912.NASL", "href": "https://www.tenable.com/plugins/nessus/101557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3912. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101557);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_xref(name:\"DSA\", value:\"3912\");\n\n script_name(english:\"Debian DSA-3912-1 : heimdal - security update (Orpheus' Lyre)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible\nwith MIT Kerberos, trusts metadata taken from the unauthenticated\nplaintext (Ticket), rather than the authenticated and encrypted KDC\nresponse. A man-in-the-middle attacker can use this flaw to\nimpersonate services to the client.\n\nSee https://orpheus-lyre.info/ for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://orpheus-lyre.info/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/heimdal\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/heimdal\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3912\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the heimdal packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6~rc2+dfsg-9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.1.0+dfsg-13+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/16\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-clients\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-clients-x\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-dbg\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-dev\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-docs\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-kcm\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-kdc\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-multidev\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-servers\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"heimdal-servers-x\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libasn1-8-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libgssapi3-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libhcrypto4-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libhdb9-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libheimbase1-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libheimntlm0-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libhx509-5-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libkadm5clnt7-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libkadm5srv8-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libkafs0-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libkdc2-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libkrb5-26-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libotp0-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libroken18-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libsl0-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libwind0-heimdal\", reference:\"1.6~rc2+dfsg-9+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-clients\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-dbg\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-dev\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-docs\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-kcm\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-kdc\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-multidev\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"heimdal-servers\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libasn1-8-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libgssapi3-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libhcrypto4-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libhdb9-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libheimbase1-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libheimntlm0-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libhx509-5-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libkadm5clnt7-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libkadm5srv8-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libkafs0-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libkdc2-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libkrb5-26-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libotp0-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libroken18-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libsl0-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libwind0-heimdal\", reference:\"7.1.0+dfsg-13+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:33:38", "description": "This update provides Samba 4.6.7, which fixes the following issues :\n\n - CVE-2017-11103: Metadata were being taken from the\n unauthenticated plaintext (the Ticket) rather than the\n authenticated and encrypted KDC response. (bsc#1048278)\n\n - Fix cephwrap_chdir(). (bsc#1048790)\n\n - Fix ctdb logs to /var/log/log.ctdb instead of\n /var/log/ctdb. (bsc#1048339)\n\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n\n - Fix non-admin cephx authentication. (bsc#1048387)\n\n - CTDB cannot start when there is no persistent database.\n (bsc#1052577)\n\nThe CTDB resource agent was also fixed to not fail when the database\nis empty.\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 18, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-31T00:00:00", "title": "openSUSE Security Update : samba and resource-agents (openSUSE-2017-987) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-08-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:resource-agents-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-32bit", "p-cpe:/a:novell:opensuse:libsamdb0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ldirectord", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-debuginfo", "p-cpe:/a:novell:opensuse:libsmbldap-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard-devel", "p-cpe:/a:novell:opensuse:libsamba-passdb0", "p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit", "p-cpe:/a:novell:opensuse:samba-python-debuginfo", "p-cpe:/a:novell:opensuse:libsmbconf0", "p-cpe:/a:novell:opensuse:monitoring-plugins-metadata", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0", "p-cpe:/a:novell:opensuse:libndr-nbt-devel", "p-cpe:/a:novell:opensuse:libwbclient0-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo", "p-cpe:/a:novell:opensuse:libtevent-util0", "p-cpe:/a:novell:opensuse:samba-libs-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-passdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-standard0", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:libsmbconf-devel", "p-cpe:/a:novell:opensuse:libsmbclient0-32bit", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient0-debuginfo", "p-cpe:/a:novell:opensuse:samba-test-debuginfo", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:libsamba-credentials-devel", "p-cpe:/a:novell:opensuse:libndr-standard0-32bit", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo", "p-cpe:/a:novell:opensuse:libwbclient-devel", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0", "p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsamdb0", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac-devel", "p-cpe:/a:novell:opensuse:libsmbclient0", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:libsamba-errors0-32bit", "p-cpe:/a:novell:opensuse:libndr-krb5pac0", "p-cpe:/a:novell:opensuse:libsamba-util-devel", "p-cpe:/a:novell:opensuse:libndr-devel", "p-cpe:/a:novell:opensuse:libsamba-errors0", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit", "p-cpe:/a:novell:opensuse:libndr-nbt0-32bit", "p-cpe:/a:novell:opensuse:samba-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-winbind-debuginfo", "p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:samba-pidl", "p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libnetapi0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo", "p-cpe:/a:novell:opensuse:samba-client-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libndr0-32bit", "p-cpe:/a:novell:opensuse:samba-winbind-32bit", "p-cpe:/a:novell:opensuse:libnetapi-devel", "p-cpe:/a:novell:opensuse:resource-agents", "p-cpe:/a:novell:opensuse:libnetapi0-32bit", "p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel", "p-cpe:/a:novell:opensuse:libsamdb-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libsmbconf0-32bit", "p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo", "p-cpe:/a:novell:opensuse:samba-core-devel", "p-cpe:/a:novell:opensuse:libsamba-errors-devel", "p-cpe:/a:novell:opensuse:libsamba-credentials0", "p-cpe:/a:novell:opensuse:libdcerpc0-32bit", "p-cpe:/a:novell:opensuse:libsmbclient-devel", "p-cpe:/a:novell:opensuse:libdcerpc-samr0", "p-cpe:/a:novell:opensuse:libtevent-util0-32bit", "p-cpe:/a:novell:opensuse:samba-ceph-debuginfo", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:libnetapi0", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:ctdb-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo", "p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo", "p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libwbclient0", "p-cpe:/a:novell:opensuse:samba-python", "p-cpe:/a:novell:opensuse:resource-agents-debugsource", "p-cpe:/a:novell:opensuse:libdcerpc-binding0", "p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo", "p-cpe:/a:novell:opensuse:libndr0", "p-cpe:/a:novell:opensuse:samba-debuginfo", "p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo", "p-cpe:/a:novell:opensuse:libdcerpc-devel", "p-cpe:/a:novell:opensuse:libsmbldap0-32bit", "p-cpe:/a:novell:opensuse:ctdb-tests", "p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit"], "id": "OPENSUSE-2017-987.NASL", "href": "https://www.tenable.com/plugins/nessus/102849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-987.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102849);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11103\");\n\n script_name(english:\"openSUSE Security Update : samba and resource-agents (openSUSE-2017-987) (Orpheus' Lyre)\");\n script_summary(english:\"Check for the openSUSE-2017-987 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides Samba 4.6.7, which fixes the following issues :\n\n - CVE-2017-11103: Metadata were being taken from the\n unauthenticated plaintext (the Ticket) rather than the\n authenticated and encrypted KDC response. (bsc#1048278)\n\n - Fix cephwrap_chdir(). (bsc#1048790)\n\n - Fix ctdb logs to /var/log/log.ctdb instead of\n /var/log/ctdb. (bsc#1048339)\n\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n\n - Fix non-admin cephx authentication. (bsc#1048387)\n\n - CTDB cannot start when there is no persistent database.\n (bsc#1052577)\n\nThe CTDB resource agent was also fixed to not fail when the database\nis empty.\n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1052577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054017\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba and resource-agents packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-tests-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldirectord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-binding0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc-samr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdcerpc0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-krb5pac0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-nbt0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr-standard0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libndr0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnetapi0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-credentials0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-errors0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-hostconfig0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-passdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamdb0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbconf0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmbldap0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-util0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libwbclient0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:monitoring-plugins-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:resource-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:resource-agents-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:resource-agents-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-core-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-tests-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ctdb-tests-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ldirectord-4.0.1+git.1495055229.643177f1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc-samr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-policy0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient0-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"monitoring-plugins-metadata-4.0.1+git.1495055229.643177f1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"resource-agents-4.0.1+git.1495055229.643177f1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"resource-agents-debuginfo-4.0.1+git.1495055229.643177f1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"resource-agents-debugsource-4.0.1+git.1495055229.643177f1-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-client-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-core-devel-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-libs-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-pidl-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-python-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-python-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-test-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-test-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-winbind-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc-samr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-policy0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-policy0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-ceph-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-ceph-debuginfo-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ldirectord / monitoring-plugins-metadata / resource-agents / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:32:56", "description": "USN-3353-1 fixed a vulnerability in Heimdal. This update provides the\ncorresponding update for Samba.\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that\nSamba clients incorrectly trusted unauthenticated portions of Kerberos\ntickets. A remote attacker could use this to impersonate trusted\nnetwork servers or perform other attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3353-2) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:samba-libs", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3353-2.NASL", "href": "https://www.tenable.com/plugins/nessus/101770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3353-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101770);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_xref(name:\"USN\", value:\"3353-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : samba vulnerability (USN-3353-2) (Orpheus' Lyre)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3353-1 fixed a vulnerability in Heimdal. This update provides the\ncorresponding update for Samba.\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that\nSamba clients incorrectly trusted unauthenticated portions of Kerberos\ntickets. A remote attacker could use this to impersonate trusted\nnetwork servers or perform other attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3353-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected samba-libs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"samba-libs\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.14.04.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"samba-libs\", pkgver:\"2:4.3.11+dfsg-0ubuntu0.16.04.9\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"samba-libs\", pkgver:\"2:4.4.5+dfsg-2ubuntu5.8\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"samba-libs\", pkgver:\"2:4.5.8+dfsg-0ubuntu0.17.04.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba-libs\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:32:56", "description": "Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that\nHeimdal clients incorrectly trusted unauthenticated portions of\nKerberos tickets. A remote attacker could use this to impersonate\ntrusted network services or perform other attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : heimdal vulnerability (USN-3353-1) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libkrb5-26-heimdal", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3353-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3353-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101769);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_xref(name:\"USN\", value:\"3353-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : heimdal vulnerability (USN-3353-1) (Orpheus' Lyre)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that\nHeimdal clients incorrectly trusted unauthenticated portions of\nKerberos tickets. A remote attacker could use this to impersonate\ntrusted network services or perform other attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3353-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libkrb5-26-heimdal package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libkrb5-26-heimdal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libkrb5-26-heimdal\", pkgver:\"1.6~git20131207+dfsg-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libkrb5-26-heimdal\", pkgver:\"1.7~git20150920+dfsg-4ubuntu1.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"libkrb5-26-heimdal\", pkgver:\"1.7~git20150920+dfsg-4ubuntu1.16.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libkrb5-26-heimdal\", pkgver:\"7.1.0+dfsg-9ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libkrb5-26-heimdal\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T06:04:13", "description": "The version of Samba running on the remote host is 4.4.x prior to\n4.4.15, 4.5.x prior to 4.5.12, or 4.6.x prior to 4.6.6. It is,\ntherefore, affected by a logic flaw in the Heimdal implementation of\nKerberos, specifically within the _krb5_extract_ticket() function\nwithin lib/krb5/ticket.c, due to the unsafe use of cleartext metadata\nfrom an unauthenticated ticket instead of the encrypted version stored\nin the Key Distribution Center (KDC) response. A man-in-the-middle\nattacker can exploit this issue to impersonate Kerberos services. This\ncan potentially result in a privilege escalation or the theft of\ncredentials. Note that Samba versions built against MIT Kerberos are\nnot impacted by this issue.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 32, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-17T00:00:00", "title": "Samba 4.4.x < 4.4.15 / 4.5.x < 4.5.12 / 4.6.x < 4.6.6 KDC-REP Service Name Validation (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_4_6_6.NASL", "href": "https://www.tenable.com/plugins/nessus/101773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101773);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-11103\");\n script_bugtraq_id(99551);\n\n script_name(english:\"Samba 4.4.x < 4.4.15 / 4.5.x < 4.5.12 / 4.6.x < 4.6.6 KDC-REP Service Name Validation (Orpheus' Lyre)\");\n script_summary(english:\"Checks the version of Samba.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is affected by a service impersonation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is 4.4.x prior to\n4.4.15, 4.5.x prior to 4.5.12, or 4.6.x prior to 4.6.6. It is,\ntherefore, affected by a logic flaw in the Heimdal implementation of\nKerberos, specifically within the _krb5_extract_ticket() function\nwithin lib/krb5/ticket.c, due to the unsafe use of cleartext metadata\nfrom an unauthenticated ticket instead of the encrypted version stored\nin the Key Distribution Center (KDC) response. A man-in-the-middle\nattacker can exploit this issue to impersonate Kerberos services. This\ncan potentially result in a privilege escalation or the theft of\ncredentials. Note that Samba versions built against MIT Kerberos are\nnot impacted by this issue.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2017-11103.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.4.15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.5.12.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/samba-4.6.6.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.orpheus-lyre.info/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.4.15 / 4.5.12 / 4.6.6 or later.\n\nAlternatively, if you are not running Samba as an Active Directory\ndomain controller, as a workaround, you can rebuild Samba using the\nfollowing command : ./configure --with-system-mitkrb5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\nlanman = get_kb_item_or_exit(\"SMB/NativeLanManager\");\n\nif (\"Samba \" >!< lanman) audit(AUDIT_NOT_LISTEN, \"Samba\", port);\n\nversion = lanman - 'Samba ';\n\nif (version =~ \"^4(\\.[4-6])?$\")\n audit(AUDIT_VER_NOT_GRANULAR, \"Samba\", port, version);\n\nfix = NULL;\n\nregexes = make_array(-2, \"a(\\d+)\", -1, \"rc(\\d+)\");\n\n# Affected :\n# Note versions prior to 4.4 are EoL\n# 4.4.x < 4.4.15\n# 4.5.x < 4.5.12\n# 4.6.x < 4.6.6\nif (version =~ \"^4\\.4\\.\")\n fix = '4.4.15';\nelse if (version =~ \"^4\\.5\\.\")\n fix = '4.5.12';\nelse if (version =~ \"^4\\.6\\.\")\n fix = '4.6.6';\n\nif ( !isnull(fix) &&\n (ver_compare(ver:version, fix:fix, regexes:regexes) < 0) &&\n (ver_compare(ver:version, fix:'4.0.0', regexes:regexes) >= 0) )\n{\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Samba\", port, version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:54:43", "description": "The samba project reports :\n\nA MITM attacker may impersonate a trusted server and thus gain\nelevated access to the domain by returning malicious replication or\nauthorization data.", "edition": 31, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-14T00:00:00", "title": "FreeBSD : samba -- Orpheus Lyre mutual authentication validation bypass (85851e4f-67d9-11e7-bc37-00505689d4ae) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-07-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba42", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:samba43", "p-cpe:/a:freebsd:freebsd:samba44", "p-cpe:/a:freebsd:freebsd:samba45", "p-cpe:/a:freebsd:freebsd:samba46"], "id": "FREEBSD_PKG_85851E4F67D911E7BC3700505689D4AE.NASL", "href": "https://www.tenable.com/plugins/nessus/101541", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101541);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11103\");\n\n script_name(english:\"FreeBSD : samba -- Orpheus Lyre mutual authentication validation bypass (85851e4f-67d9-11e7-bc37-00505689d4ae) (Orpheus' Lyre)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The samba project reports :\n\nA MITM attacker may impersonate a trusted server and thus gain\nelevated access to the domain by returning malicious replication or\nauthorization data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.samba.org/samba/security/CVE-2017-11103.html\"\n );\n # https://vuxml.freebsd.org/freebsd/85851e4f-67d9-11e7-bc37-00505689d4ae.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a92515d2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba42\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba43\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba45\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba46\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"samba42<4.2.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba43<4.3.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba44<4.4.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba45<4.5.12\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"samba46<4.6.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T14:26:12", "description": "This update provides Samba 4.6.7, which fixes the following issues :\n\n - CVE-2017-11103: Metadata were being taken from the\n unauthenticated plaintext (the Ticket) rather than the\n authenticated and encrypted KDC response. (bsc#1048278)\n\n - Fix cephwrap_chdir(). (bsc#1048790)\n\n - Fix ctdb logs to /var/log/log.ctdb instead of\n /var/log/ctdb. (bsc#1048339)\n\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n\n - Fix non-admin cephx authentication. (bsc#1048387)\n\n - CTDB cannot start when there is no persistent database.\n (bsc#1052577) The CTDB resource agent was also fixed to\n not fail when the database is empty.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-23T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : samba / resource-agents (SUSE-SU-2017:2237-1) (Orpheus", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11103"], "modified": "2017-08-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-debugsource", "p-cpe:/a:novell:suse_linux:samba-debuginfo", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo", "p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo", "p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:samba-libs-debuginfo", "p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo", "p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo"], "id": "SUSE_SU-2017-2237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102696);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11103\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : samba / resource-agents (SUSE-SU-2017:2237-1) (Orpheus' Lyre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides Samba 4.6.7, which fixes the following issues :\n\n - CVE-2017-11103: Metadata were being taken from the\n unauthenticated plaintext (the Ticket) rather than the\n authenticated and encrypted KDC response. (bsc#1048278)\n\n - Fix cephwrap_chdir(). (bsc#1048790)\n\n - Fix ctdb logs to /var/log/log.ctdb instead of\n /var/log/ctdb. (bsc#1048339)\n\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n\n - Fix non-admin cephx authentication. (bsc#1048387)\n\n - CTDB cannot start when there is no persistent database.\n (bsc#1052577) The CTDB resource agent was also fixed to\n not fail when the database is empty.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048339\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11103/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172237-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9dbbbb56\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1367=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1367=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2017-1367=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1367=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc-binding0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libdcerpc0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-krb5pac0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-nbt0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr-standard0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libndr0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libnetapi0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-credentials0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-errors0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-hostconfig0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-passdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamba-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsamdb0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbconf0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libsmbldap0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libtevent-util0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libwbclient0-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-client-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-debugsource-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-libs-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-32bit-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"samba-winbind-debuginfo-4.6.7+git.38.90b2cdb4f22-3.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba / resource-agents\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:21", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/samba-4.4.15-i586-1_slack14.2.txz: Upgraded.\n This update fixes an authentication validation bypass security issue:\n \"Orpheus' Lyre mutual authentication validation bypass\"\n All versions of Samba from 4.0.0 onwards using embedded Heimdal\n Kerberos are vulnerable to a man-in-the-middle attack impersonating\n a trusted server, who may gain elevated access to the domain by\n returning malicious replication or authorization data.\n Samba binaries built against MIT Kerberos are not vulnerable.\n For more information, see:\n https://www.samba.org/samba/security/CVE-2017-11103.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/samba-4.4.15-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/samba-4.4.15-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/samba-4.4.15-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/samba-4.4.15-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/samba-4.4.15-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/samba-4.4.15-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.6.6-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.6.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n630068826ccb4143f05b0f69a930ae26 samba-4.4.15-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ncec3dbc80c5b98514fe00a49af2b14a4 samba-4.4.15-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n39dd6d41675f108f3ffd29220b49ffea samba-4.4.15-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n98c679570096bd9af311b10e381ed144 samba-4.4.15-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n66b42142d08232dcd9f6a6cd3ca55d0b samba-4.4.15-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n57e1fb274d74cf8df9ecb0e706681be2 samba-4.4.15-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n029388cff26f56eb9e64cf8fa87a262b n/samba-4.6.6-i586-1.txz\n\nSlackware x86_64 -current package:\n3d99d640868c25c3ebfdbbd85777e34e n/samba-4.6.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-4.4.15-i586-1_slack14.2.txz\n\nThen, if Samba is running restart it:\n\n > /etc/rc.d/rc.samba restart", "modified": "2017-07-14T22:13:34", "published": "2017-07-14T22:13:34", "id": "SSA-2017-195-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.458982", "type": "slackware", "title": "[slackware-security] samba", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "samba": [{"lastseen": "2020-12-24T13:20:56", "bulletinFamily": "software", "cvelist": ["CVE-2017-11103"], "description": "All versions of Samba from 4.0.0 include an embedded copy of Heimdal Kerberos. Heimdal has made a security release, which disclosed:\nFix CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation\n This is a critical vulnerability.\n In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks.\n Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.\n See https://www.orpheus-lyre.info/ for more details.\nThe impact for Samba is particularly strong for cases where the Samba DRS replication service contacts another DC requesting replication of user passwords, as these could then be controlled by the attacker.", "edition": 6, "modified": "2017-07-12T00:00:00", "published": "2017-07-12T00:00:00", "id": "SAMBA:CVE-2017-11103(HEIMDAL)", "href": "https://www.samba.org/samba/security/CVE-2017-11103.html", "title": "Orpheus' Lyre mutual authentication validation bypass ", "type": "samba", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-24T01:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3909-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nJuly 14, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : samba\nCVE ID : CVE-2017-11103\nDebian Bug : 868209\n\nJeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file, print, and\nlogin server. Also known as Orpheus&#x27; Lyre, this vulnerability is located in\nSamba Kerberos Key Distribution Center (KDC-REP) component and could be used by\nan attacker on the network path to impersonate a server. \n\nMore details can be found on the vulnerability website\n(https://orpheus-lyre.info/) and on the Samba project website\n(https://www.samba.org/samba/security/CVE-2017-11103.html) \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2:4.2.14+dfsg-0+deb8u7.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:4.5.8+dfsg-2+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 2:4.6.5+dfsg-4.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:4.6.5+dfsg-4.\n\nWe recommend that you upgrade your samba packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-07-14T12:27:10", "published": "2017-07-14T12:27:10", "id": "DEBIAN:DSA-3909-1:5F09A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00170.html", "title": "[SECURITY] [DSA 3909-1] samba security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-28T01:23:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3912-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 16, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : heimdal\nCVE ID : CVE-2017-11103\nDebian Bug : 868208\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.\n\nSee https://orpheus-lyre.info/ for details.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.6~rc2+dfsg-9+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 7.1.0+dfsg-13+deb9u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 7.4.0.dfsg.1-1.\n\nWe recommend that you upgrade your heimdal packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-07-16T13:04:29", "published": "2017-07-16T13:04:29", "id": "DEBIAN:DSA-3912-1:7E679", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00173.html", "title": "[SECURITY] [DSA 3912-1] heimdal security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-30T02:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "Package : heimdal\nVersion : 1.6~git20120403+dfsg1-2+deb7u1\nCVE ID : CVE-2017-11103\nDebian Bug : 868208\n\nJeffrey Altman, Viktor Duchovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in Heimdal Kerberos. Also known as\nOrpheus&#x27; Lyre, this vulnerability could be used by an attacker to mount\na service impersonation attack on the client if he&#x27;s on the network\npath between the client and the service.\n\nMore details can be found on the vulnerability website\n(https://orpheus-lyre.info/).\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n1.6~git20120403+dfsg1-2+deb7u1.\n\nWe recommend that you upgrade your heimdal packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-07-14T13:51:56", "published": "2017-07-14T13:51:56", "id": "DEBIAN:DLA-1027-1:8D27C", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201707/msg00019.html", "title": "[SECURITY] [DLA 1027-1] heimdal security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba.\n\nOriginal advisory details:\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered \nthat Samba clients incorrectly trusted unauthenticated portions \nof Kerberos tickets. A remote attacker could use this to impersonate \ntrusted network services or perform other attacks.", "edition": 6, "modified": "2017-07-24T00:00:00", "published": "2017-07-24T00:00:00", "id": "USN-3353-4", "href": "https://ubuntu.com/security/notices/USN-3353-4", "title": "Samba vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:40:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "USN-3353-1 fixed a vulnerability in Heimdal. This update provides \nthe corresponding update for Samba.\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered \nthat Samba clients incorrectly trusted unauthenticated portions of \nKerberos tickets. A remote attacker could use this to impersonate \ntrusted network servers or perform other attacks.", "edition": 5, "modified": "2017-07-14T00:00:00", "published": "2017-07-14T00:00:00", "id": "USN-3353-2", "href": "https://ubuntu.com/security/notices/USN-3353-2", "title": "Samba vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:39:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "USN-3353-1 fixed a vulnerability in Heimdal. This update provides \nthe corresponding updade for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nJeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered \nthat Heimdal clients incorrectly trusted unauthenticated portions \nof Kerberos tickets. A remote attacker could use this to impersonate \ntrusted network services or perform other attacks.", "edition": 6, "modified": "2017-07-24T00:00:00", "published": "2017-07-24T00:00:00", "id": "USN-3353-3", "href": "https://ubuntu.com/security/notices/USN-3353-3", "title": "Heimdal vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered \nthat Heimdal clients incorrectly trusted unauthenticated portions \nof Kerberos tickets. A remote attacker could use this to impersonate \ntrusted network services or perform other attacks.", "edition": 5, "modified": "2017-07-14T00:00:00", "published": "2017-07-14T00:00:00", "id": "USN-3353-1", "href": "https://ubuntu.com/security/notices/USN-3353-1", "title": "Heimdal vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-08-31T04:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "This update provides Samba 4.6.7, which fixes the following issues:\n\n - CVE-2017-11103: Metadata were being taken from the unauthenticated\n plaintext (the Ticket) rather than the authenticated and encrypted KDC\n response. (bsc#1048278)\n - Fix cephwrap_chdir(). (bsc#1048790)\n - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb.\n (bsc#1048339)\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n - Fix non-admin cephx authentication. (bsc#1048387)\n - CTDB cannot start when there is no persistent database. (bsc#1052577)\n\n The CTDB resource agent was also fixed to not fail when the database is\n empty.\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2017-08-31T03:09:47", "published": "2017-08-31T03:09:47", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00077.html", "id": "OPENSUSE-SU-2017:2311-1", "title": "Security update for samba and resource-agents (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-22T23:07:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "This update provides Samba 4.6.7, which fixes the following issues:\n\n - CVE-2017-11103: Metadata were being taken from the unauthenticated\n plaintext (the Ticket) rather than the authenticated and encrypted KDC\n response. (bsc#1048278)\n - Fix cephwrap_chdir(). (bsc#1048790)\n - Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb.\n (bsc#1048339)\n - Fix inconsistent ctdb socket path. (bsc#1048352)\n - Fix non-admin cephx authentication. (bsc#1048387)\n - CTDB cannot start when there is no persistent database. (bsc#1052577)\n\n The CTDB resource agent was also fixed to not fail when the database is\n empty.\n\n", "edition": 1, "modified": "2017-08-22T21:12:07", "published": "2017-08-22T21:12:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00063.html", "id": "SUSE-SU-2017:2237-1", "title": "Security update for samba and resource-agents (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cisa": [{"lastseen": "2021-02-24T18:07:42", "bulletinFamily": "info", "cvelist": ["CVE-2017-11103"], "description": "The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.\n\nUS-CERT encourages users and administrators to review Samba's [Security Announcement](<https://www.samba.org/samba/security/CVE-2017-11103.html>) and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates>); we'd welcome your feedback.\n", "modified": "2017-07-12T00:00:00", "published": "2017-07-12T00:00:00", "id": "CISA:F55DAC81E41CEEB397FF101A6BFE212E", "href": "https://us-cert.cisa.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates", "type": "cisa", "title": "Samba Releases Security Updates", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec (rfc1510 and successors) including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center server and support for ticket delegation (S4U2Self, S4U2Proxy). This package can coexist with MIT Kerberos 5 packages. Hesiod is disabled by default since it is deemed too big a security risk by the packager. ", "modified": "2017-07-23T22:56:26", "published": "2017-07-23T22:56:26", "id": "FEDORA:D55AE6075B3D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: heimdal-7.4.0-1.fc25", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11103"], "description": "\nThe samba project reports:\n\nA MITM attacker may impersonate a trusted server and thus gain elevated access to the domain by\n\t returning malicious replication or authorization data.\n\n", "edition": 5, "modified": "2017-07-12T00:00:00", "published": "2017-07-12T00:00:00", "id": "85851E4F-67D9-11E7-BC37-00505689D4AE", "href": "https://vuxml.freebsd.org/freebsd/85851e4f-67d9-11e7-bc37-00505689d4ae.html", "title": "samba -- Orpheus Lyre mutual authentication validation bypass", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "myhack58": [{"lastseen": "2017-07-18T08:19:20", "bulletinFamily": "info", "cvelist": ["CVE-2017-11103", "CVE-2017-8495"], "edition": 1, "description": "! [](/Article/UploadPic/2017-7/201771812151434. png? www. myhack58. com) \nKerberos this is a noun derived from the Greek mythology\u201cthe three heads of the dog--Hades the Keeper of the dog,\u201din the system is an authentication Protocol that uses tickets to allow nodes in an insecure network environment to communicate securely, it is possible to prevent eavesdropping, to prevent replay attacks, protect data integrity. Hackers can exploit vulnerabilities to upgrade their network permissions, you can also access network resources, such as steal your password. \nThe three researchers discovered this vulnerability, they named it\u201cOrpheus's harp\u201dbecause it's a similar principle to the Greek poet Orpheus with a harp hypnosis goalkeeping dog in the process. \nThe researchers also found that this vulnerability affects Kerberos version dates back to 1996, due to the age of Kerberos with other implementations. This time the vulnerability affects 3 implementation of 2-Heimdal Kerberos and Microsoft Kerberos. The MIT Kerberos implementation is not affected. \n\u201cOrpheus harp\u201dto bypass the Kerberos authentication \nThe vulnerability affects Kerberos v5, the use of Kerberos Protocol in the ticket. ticket is a network node between the transmission of the message, used to authenticate services and users. \nSent to the network, not ticket all the part will be encrypted, usually Kerberos will check the message in the encrypted part so as to perform authentication. \nWhile the researchers found a way to force Kerberos Protocol uses plain text and without encryption portion of the authentication. \n\u201c_krb5_extract_ticket()in the KDC-REP service name must come from\u2019enc_part\u2019in the encrypted information, rather than the\u2019ticket\u2019is not stored in the encryption information. Using the unencrypted information would allow a hacker on the server spoofing or other attacks.\u201d Heimdal's developers said. \nIf a hacker has captured the corporate network or the ability to perform MiTM attack, he can intercept and modify the plain text ticket portion, thereby bypassing the Kerberos authentication, and thus access to the company's internal resources. Vulnerability has not yet been the use of cases, and hackers need to get ahead within the network portion of the resource, nevertheless, this vulnerability is still very dangerous, because an attacker can take to expand the internal network of the privilege. \nWindows, Debian, FreeBSD, Samba have been fixed \nThe researcher contacted using the Kerberos Protocol each project. Microsoft on last Tuesday's patch push has been to fix their Kerberos Vulnerability(CVE-2017-8495)\u3002 \nDebian, FreeBSD and Samba the three projects using Heimdal Kerberos, also has released a patch, numbered CVE-2017-11103\u3002 While Red Hat uses MIT Kerberos, so RHEL users are not affected. \nIt is interesting that different vendors of this vulnerability rating is also different, the researchers, Samba and Heimdal are the vulnerability rating of\u201csevere(Critical)\u201d, Microsoft and Linux vendors are rated as\u201cimportant(important)\u201dor\u201cin-risk(medium)\u201d is. \nDiscover the vulnerability of the researcher are AuriStor founder Jeffrey Altman, and from Two Sigma Investments company Viktor Dukhovni, and Nicolas Williams. \nAltman explained that to remove the unencrypted field force authentication request using the encryption section, this loophole is invalid. \nIn order to let the user have more time to update the repair, the research team did not release in-depth technical details. After a few days of Orpheus\u2019 Lyre the website will publish more details. \n\u201cNote that the vulnerability is a client vulnerability, the client needs to be repaired,\u201dthe researchers said,\u201con the server side patch is useless.\u201d \n\n", "modified": "2017-07-18T00:00:00", "published": "2017-07-18T00:00:00", "id": "MYHACK58:62201787968", "href": "http://www.myhack58.com/Article/html/3/62/2017/87968.htm", "title": "To\u201chypnosis\u201dto bypass authentication: an influence of the Kerberos Protocol for up to 20 years of vulnerabilities-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 0.0, "vector": "NONE"}}], "apple": [{"lastseen": "2020-12-24T20:41:46", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-11122", "CVE-2017-13806", "CVE-2017-9233", "CVE-2017-13877", "CVE-2017-13863", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7102", "CVE-2016-9840", "CVE-2017-7075", "CVE-2017-13840", "CVE-2017-7120", "CVE-2017-7139", "CVE-2017-13843", "CVE-2017-7117", "CVE-2017-11121", "CVE-2017-7088", "CVE-2017-7085", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-7099", "CVE-2017-13816", "CVE-2017-11103", "CVE-2017-13832", "CVE-2017-7096", "CVE-2017-6211", "CVE-2017-7132", "CVE-2017-7090", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-7081", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7072", "CVE-2017-7083", "CVE-2017-7093", "CVE-2017-7078", "CVE-2017-11120", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7148", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2017-7089", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-7131", "CVE-2017-13828", "CVE-2017-7098", "CVE-2017-13821", "CVE-2017-7142", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-7146", "CVE-2017-7145", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7097", "CVE-2017-7133", "CVE-2017-7086", "CVE-2017-7095", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-7100", "CVE-2017-7115", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-7091", "CVE-2016-9841", "CVE-2017-7144", "CVE-2017-7108", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-7140", "CVE-2017-13842", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-7118", "CVE-2017-9050", "CVE-2017-7106"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**APNs**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. \n\nCVE-2017-13863: FURIOUSMAC Team of United States Naval Academy\n\nEntry added December 21, 2017\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to access restricted files\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.\n\nCVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Anand Kathapurkar of India, Elvis (@elvisimprsntr)\n\nEntry updated October 9, 2017\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CFString**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**Exchange ActiveSync**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to erase a device during Exchange account setup\n\nDescription: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is now supported.\n\nCVE-2017-7088: Ilya Nesterov, Maxim Goncharov\n\n**file**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry added September 25, 2017\n\n**HFS**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7072: J\u0119drzej Krysztofiak\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Keyboard Suggestions**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Keyboard autocorrect suggestions may reveal sensitive information\n\nDescription: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.\n\nCVE-2017-7140: Agim Allkanjari of Stream in Motion Inc.\n\nEntry updated October 9, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**Location Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read sensitive location information\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed with additional ownership checks.\n\nCVE-2017-7148: Igor Makarov from Moovit, Will McGinty and Shawnna Rodriguez of Bottle Rocket Studios\n\nEntry updated October 9, 2017\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 9, 2017\n\n**Mail MessageUI**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-2017-7118: Kiki Jiang and Jason Tokoph\n\n**MobileBackup**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2017-7133: Don Sparks of HackediOS.com\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: The contents of locked notes sometimes appeared in search results. This issue was addressed through improved data cleanup.\n\nCVE-2017-7075: Richard Will of Marathon Oil Company\n\nEntry added November 10, 2017\n\n**Phone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A screenshot of secure content may be taken when locking an iOS device\n\nDescription: A timing issue existed in the handling of locking. This issue was addressed by disabling screenshots while locking.\n\nCVE-2017-7139: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Device pairing records could be inadvertently installed on a device when a profile that disallows pairing is installed\n\nDescription: Pairings were not removed when a profile disallowing pairings was installed. This was addressed by removing pairings conflicting with the configuration profile.\n\nCVE-2017-13806: Rorie Hood of MWR InfoSecurity\n\nEntry added November 2, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence of other applications on the device.\n\nDescription: An application was able to determine the existence of files outside of its sandbox. This issue was addressed through additional sandbox checks.\n\nCVE-2017-13877: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune\n\nEntry added September 25, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious app may be able to track users between installs\n\nDescription: A permission checking issue existed in the handling of an app's Keychain data. This issue was addressed with improved permission checking.\n\nCVE-2017-7146: an anonymous researcher\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, and Wi-Fi + Cellular models of iPad Air generation and later\n\nImpact: An attacker within range may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-6211: Matthew Spisak of ENDGAME (endgame.com)\n\nEntry added December 4, 2017\n\n**Time**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: \"Setting Time Zone\" may incorrectly indicate that it is using location\n\nDescription: A permissions issue existed in the process that handles time zone information. The issue was resolved by modifying permissions.\n\nCVE-2017-7145: Chris Lawrence\n\nEntry updated October 9, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Secutity Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.\n\nCVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Ros\u00e9n of Detectify\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.\n\nCVE-2017-7144: Mohammad Ghasemisharif of UIC\u2019s BITS Lab\n\nEntry updated October 9, 2017\n\n**WebKit Storage**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Website data may persist after a Safari Private browsing session\n\nDescription: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.\n\nCVE-2017-7142: Rich Shawn O\u2019Connell, an anonymous researcher, an anonymous researcher\n\nEntry added November 10, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-11120: Gal Beniamini of Google Project Zero\n\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: Multiple race conditions were addressed through improved validation.\n\nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A attacker within range may be able to read restricted memory from the Wi-Fi chipset\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-11122: Gal Beniamini of Google Project Zero\n\nEntry added October 2, 2017\n\n**zlib**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition \n\n**LaunchServices**\n\nWe would like to acknowledge Mark Zimmermann of EnBW Energie Baden-W\u00fcrttemberg AG for their assistance.\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**Webkit**\n\nWe would like to acknowledge xisigr of Tencent's Xuanwu Lab (tencent.com) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n", "edition": 3, "modified": "2020-07-27T08:16:39", "published": "2020-07-27T08:16:39", "id": "APPLE:HT208112", "href": "https://support.apple.com/kb/HT208112", "title": "About the security content of iOS 11 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-13810", "CVE-2017-13873", "CVE-2017-9233", "CVE-2016-2161", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-7084", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-7126", "CVE-2017-13910", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-13908", "CVE-2017-13811", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-13827", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-13808", "CVE-2017-7078", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-13890", "CVE-2017-13812", "CVE-2017-13824", "CVE-2018-4302", "CVE-2017-7141", "CVE-2016-4736", "CVE-2017-7119", "CVE-2017-13829", "CVE-2017-13851", "CVE-2017-13828", "CVE-2017-13839", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2016-9042", "CVE-2017-7125", "CVE-2017-6462", "CVE-2017-13838", "CVE-2017-6463", "CVE-2017-13818", "CVE-2016-9843", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-6452", "CVE-2016-5387", "CVE-2017-7086", "CVE-2017-7082", "CVE-2017-13835", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-13837", "CVE-2016-9841", "CVE-2017-7127", "CVE-2017-6464", "CVE-2017-13825", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-7122", "CVE-2017-13909", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13\n\nReleased September 25, 2017\n\n**802.1X**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**apache**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues existed in Apache. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry added October 31, 2017, updated December 14, 2018\n\n**Apple Account Settings**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may gain access to iCloud authentication tokens\n\nDescription: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain.\n\nCVE-2017-13909: Andreas Nilsson\n\nEntry added October 18, 2018\n\n**AppleScript**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Application Firewall**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A previously denied application firewall setting may take effect after upgrading\n\nDescription: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades.\n\nCVE-2017-7084: an anonymous researcher\n\n**AppSandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\n**ATS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\nEntry added October 31, 2017\n\n**Audio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry added October 31, 2017\n\n**Captive Network Assistant**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.\n\nCVE-2017-7143: Matthew Green of Johns Hopkins University\n\nEntry updated October 3, 2017\n\n**CFNetwork**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\n**CFString**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\n**CoreText**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**CoreTypes**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\nEntry added March 29, 2018\n\n**DesktopServices**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to observe unprotected user data\n\nDescription: A file access issue existed with certain home folder files. This was addressed with improved access restrictions.\n\nCVE-2017-13851: Henrique Correa de Amorim\n\nEntry added November 2, 2017, updated February 14, 2018\n\n**Directory Utility**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to determine the Apple ID of the owner of the computer\n\nDescription: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.\n\nCVE-2017-7138: Daniel Kvak of Masaryk University\n\nEntry updated October 3, 2017\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.30.\n\nCVE-2017-7121: found by OSS-Fuzz\n\nCVE-2017-7122: found by OSS-Fuzz\n\nCVE-2017-7123: found by OSS-Fuzz\n\nCVE-2017-7124: found by OSS-Fuzz\n\nCVE-2017-7125: found by OSS-Fuzz\n\nCVE-2017-7126: found by OSS-Fuzz\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815\n\nEntry added October 31, 2017\n\n**Fonts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13835: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Heimdal**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\n**HelpViewer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Installer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to access the FileVault unlock key\n\nDescription: This issue was addressed by removing additional entitlements.\n\nCVE-2017-13837: Patrick Wardle of Synack\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7077: Brandon Azad\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**kext tools**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic error in kext loading was addressed with improved state handling.\n\nCVE-2017-13827: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\n**libexpat**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: The sender of an email may be able to determine the IP address of the recipient\n\nDescription: Turning off \"Load remote content in messages\" did not apply to all mailboxes. This issue was addressed with improved setting propagation.\n\nCVE-2017-7141: John Whitehead of The New York Times\n\nEntry updated October 3, 2017\n\n**Mail Drafts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 3, 2017\n\n**ntp**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in ntp\n\nDescription: Multiple issues were addressed by updating to version 4.2.8p10\n\nCVE-2017-6451: Cure53 \n\nCVE-2017-6452: Cure53 \n\nCVE-2017-6455: Cure53 \n\nCVE-2017-6458: Cure53 \n\nCVE-2017-6459: Cure53 \n\nCVE-2017-6460: Cure53 \n\nCVE-2017-6462: Cure53 \n\nCVE-2017-6463: Cure53 \n\nCVE-2017-6464: Cure53\n\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\n**Open Scripting Architecture**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\nEntry added October 31, 2017\n\n**PCRE**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\nEntry added October 31, 2017\n\n**Postfix**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry added October 31, 2017, updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**QuickTime**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\nEntry added October 31, 2017\n\n**Sandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Screen Lock**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Application Firewall prompts may appear over Login Window\n\nDescription: A window management issue was addressed through improved state management.\n\nCVE-2017-7082: Tim Kingman\n\n**Security**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher, an anonymous researcher\n\n**SMB**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Spotlight may display results for files not belonging to the user\n\nDescription: An access issue existed in Spotlight. This issue was addressed through improved access restrictions.\n\nCVE-2017-13839: Ken Harris of the Free Robot Collective\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to access restricted files\n\nDescription: An access issue was addressed with additional sandbox restrictions on applications.\n\nCVE-2017-13910\n\nEntry added October 18, 2018\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\n**zlib**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**NSWindow**\n\nWe would like to acknowledge Trent Apted of the Google Chrome team for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n\n\n\n## macOS High Sierra 10.13 Supplemental Update\n\nNew downloads of macOS High Sierra 10.13 include the security content of the [macOS High Sierra 10.13 Supplemental Update](<https://support.apple.com/kb/HT208165>).\n", "edition": 2, "modified": "2020-02-06T07:51:09", "published": "2020-02-06T07:51:09", "id": "APPLE:HT208144", "href": "https://support.apple.com/kb/HT208144", "title": "About the security content of macOS High Sierra 10.13 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:00", "bulletinFamily": "software", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-13810", "CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", "CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 2, "modified": "2019-04-03T09:42:09", "published": "2019-04-03T09:42:09", "id": "APPLE:HT208221", "href": "https://support.apple.com/kb/HT208221", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}