For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. For CVE-2021-44142, All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. For CVE-2022-0336, The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
{"id": "MGASA-2022-0054", "vendorId": null, "type": "mageia", "bulletinFamily": "unix", "title": "Updated samba packages fix security vulnerability\n", "description": "For CVE-2021-20316 and CVE-2021-44141, there is only a workaround and mitigation: All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. For CVE-2021-44142, All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file's extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes. The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue. For CVE-2022-0336, The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. \n", "published": "2022-02-09T20:46:00", "modified": "2022-02-09T20:46:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://advisories.mageia.org/MGASA-2022-0054.html", "reporter": "Gentoo Foundation", "references": ["https://bugs.mageia.org/show_bug.cgi?id=29974", "https://www.samba.org/samba/security/CVE-2021-44141.html", "https://www.samba.org/samba/security/CVE-2021-44142.html", "https://www.samba.org/samba/security/CVE-2022-0336.html", "https://www.samba.org/samba/history/samba-4.14.12.html", "https://ubuntu.com/security/notices/USN-5260-1", "https://www.samba.org/samba/security/CVE-2021-20316.html", "https://lists.suse.com/pipermail/sle-security-updates/2022-February/010164.html", "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72ZRNFZ3DE3TJA7HFCVV476YJN6I4B5M/"], "cvelist": ["CVE-2021-20316", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "immutableFields": [], "lastseen": "2022-04-18T11:19:35", "viewCount": 13, "enchantments": {"score": {"value": 1.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0332", "ALSA-2022:2074"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-44141", "ALPINE:CVE-2021-44142"]}, {"type": "amazon", "idList": ["ALAS-2022-1564", "ALAS2-2022-1746"]}, {"type": "centos", "idList": ["CESA-2022:0328"]}, {"type": "cert", "idList": ["VU:119678"]}, {"type": "cisa", "idList": ["CISA:07D5CC40C9E66F413405DC92522747C5"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C597E2EA8E919F62FC3E9E5C918FE1B7"]}, {"type": "cve", "idList": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5071-1:71FFF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-20316", "DEBIANCVE:CVE-2021-44141", "DEBIANCVE:CVE-2021-44142", "DEBIANCVE:CVE-2022-0336"]}, {"type": "f5", "idList": ["F5:K08602542", "F5:K45752041", "F5:K84695749"]}, {"type": "fedora", "idList": ["FEDORA:49AF8312EC07", "FEDORA:E133C304C758"]}, {"type": "freebsd", "idList": ["8579074C-839F-11EC-A3B2-005056A311D1"]}, {"type": "githubexploit", "idList": ["3E948D04-4013-561A-9F41-7C692AB14993", "B0F54D1F-71E5-54D9-BED8-BA166E090B14"]}, {"type": "ibm", "idList": ["25A65ADD2259E5466AE95B2C3CF70AF0345E2B0D71A6B9AD7F9F87A979A9FC8E", "34CC9D7721C963B056C83F77396BEE1AE82A312286A43B241F322E84A8E5C203", "81888C5B2AB508173E8A42F5BFE94831F0AC299F823257C974E685AD0574CB4F", "B07F5F95DC160BC577BCF0F6B2CA7525D98BC1ED3F1D3CFFB685540DF0D501B3", "CC17E17E076A44EF02E85659197C661661F549157CAC222BEF819F68925BEA45", "EDCD7C6F942E7E7EFA18D0CD216C96A69DB9DA76E57B9A5EA2BC61796211528A"]}, {"type": "kaspersky", "idList": ["KLA12439", "KLA12440"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:353332AFBB6514EFED7F5F38820FFD50"]}, {"type": "nessus", "idList": ["AL2_ALAS-2022-1746.NASL", "ALA_ALAS-2022-1564.NASL", "ALMA_LINUX_ALSA-2022-0332.NASL", "ALMA_LINUX_ALSA-2022-2074.NASL", "CENTOS8_RHSA-2022-2074.NASL", "CENTOS_RHSA-2022-0328.NASL", "DEBIAN_DSA-5071.NASL", "EULEROS_SA-2022-1438.NASL", "EULEROS_SA-2022-1459.NASL", "EULEROS_SA-2022-1551.NASL", "EULEROS_SA-2022-1586.NASL", "EULEROS_SA-2022-1614.NASL", "EULEROS_SA-2022-1638.NASL", "EULEROS_SA-2022-1652.NASL", "EULEROS_SA-2022-1666.NASL", "EULEROS_SA-2022-1675.NASL", "EULEROS_SA-2022-1763.NASL", "EULEROS_SA-2022-2038.NASL", "EULEROS_SA-2022-2066.NASL", "FREEBSD_PKG_8579074C839F11ECA3B2005056A311D1.NASL", "OPENSUSE-2022-0283-1.NASL", "ORACLELINUX_ELSA-2022-0328.NASL", "ORACLELINUX_ELSA-2022-0332.NASL", "ORACLELINUX_ELSA-2022-2074.NASL", "QNAP_QTS_QUTS_HERO_QSA-22-03.NASL", "REDHAT-RHSA-2022-0328.NASL", "REDHAT-RHSA-2022-0329.NASL", "REDHAT-RHSA-2022-0330.NASL", "REDHAT-RHSA-2022-0331.NASL", "REDHAT-RHSA-2022-0332.NASL", "REDHAT-RHSA-2022-0457.NASL", "REDHAT-RHSA-2022-0458.NASL", "REDHAT-RHSA-2022-0663.NASL", "REDHAT-RHSA-2022-0664.NASL", "REDHAT-RHSA-2022-1756.NASL", "REDHAT-RHSA-2022-2074.NASL", "ROCKY_LINUX_RLSA-2022-2074.NASL", "ROCKY_LINUX_RLSA-2022-332.NASL", "SAMBA_4_15_5.NASL", "SL_20220131_SAMBA_ON_SL7_X.NASL", "SUSE_SU-2022-0251-1.NASL", "SUSE_SU-2022-0252-1.NASL", "SUSE_SU-2022-0271-1.NASL", "SUSE_SU-2022-0283-1.NASL", "SUSE_SU-2022-0284-1.NASL", "SUSE_SU-2022-0287-1.NASL", "SUSE_SU-2022-0323-1.NASL", "UBUNTU_USN-5260-1.NASL", "UBUNTU_USN-5260-2.NASL", "UBUNTU_USN-5260-3.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0328", "ELSA-2022-0332", "ELSA-2022-2074"]}, {"type": "osv", "idList": ["OSV:DSA-5071-1"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-44142"]}, {"type": "redhat", "idList": ["RHSA-2022:0328", "RHSA-2022:0329", "RHSA-2022:0330", "RHSA-2022:0331", "RHSA-2022:0332", "RHSA-2022:0457", "RHSA-2022:0458", "RHSA-2022:0663", "RHSA-2022:0664", "RHSA-2022:1756", "RHSA-2022:2074"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20316", "RH:CVE-2021-44141", "RH:CVE-2021-44142", "RH:CVE-2022-0336"]}, {"type": "rocky", "idList": ["RLSA-2022:2074", "RLSA-2022:332"]}, {"type": "samba", "idList": ["SAMBA:CVE-2021-44141", "SAMBA:CVE-2021-44142", "SAMBA:CVE-2022-0336"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0283-1", "OPENSUSE-SU-2022:0284-1", "OPENSUSE-SU-2022:0287-1"]}, {"type": "thn", "idList": ["THN:61909FFAAC80372942BFAE32AACCD487"]}, {"type": "threatpost", "idList": ["THREATPOST:BC0CA0F92FAAD3AB1308DE070F2F66C8"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A6062F1BD1BD9B5493080D375AB7FA95"]}, {"type": "ubuntu", "idList": ["USN-5260-1", "USN-5260-2", "USN-5260-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-20316", "UB:CVE-2021-44141", "UB:CVE-2021-44142", "UB:CVE-2022-0336"]}, {"type": "veracode", "idList": ["VERACODE:33993", "VERACODE:33994", "VERACODE:34092", "VERACODE:35092"]}, {"type": "zdi", "idList": ["ZDI-22-244", "ZDI-22-245", "ZDI-22-246"]}]}, "vulnersScore": 1.2}, "_state": {"score": 1659993753, "dependencies": 1659988328}, "_internal": {"score_hash": "2c84285b1bfc66c032d437cde37bbf1c"}, "affectedPackage": [{"OS": "Mageia", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.14.12-1", "operator": "lt", "packageFilename": "samba-4.14.12-1.mga8", "packageName": "samba"}]}
{"fedora": [{"lastseen": "2022-02-23T17:38:26", "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T01:26:36", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: samba-4.15.5-0.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-02-02T01:26:36", "id": "FEDORA:49AF8312EC07", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C7Z6WQXBTZ2IQJ2IOEARLCY3GKPDQRZ2/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-02-23T17:38:26", "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T01:12:33", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: samba-4.14.12-0.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-02-03T01:12:33", "id": "FEDORA:E133C304C758", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HUM2MJYEBEIJHLBNK6LORYWBHRWYYYJO/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2022-02-10T00:00:00", "description": "Samba developers have [patched a vulnerability](<https://www.samba.org/samba/security/CVE-2021-44142.html>) that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.\n\nSamba is a free software re-implementation of the [SMB](<https://blog.malwarebytes.com/glossary/server-message-block-smb/>) networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain.\n\nThe vfs_fruit module provides enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Netatalk is a freely-available Open Source AFP fileserver. A UNIX, Linux or BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server (AFP).\n\n## The vulnerability\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The vulnerability in Samba that received a [CVSS score](<https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/>) of 9.9 out of 10 has been assigned [CVE-2021-44142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44142>).\n\nThe vulnerability is described as an out-of-bounds heap read/write vulnerability. The heap is the name for the part of the system\u2019s memory that is allocated for the use of programs. If a flaw in a program allows it to read or write outside of the bounds set for the program, it is possible to manipulate other parts of the memory which are allocated to more critical functions. This can allow an attacker to write code to a part of the memory where it will be executed with permissions that the program and user should not have. In this case as root, which is the user name or account that by default has access to **all commands and files** on a Linux or other Unix-like operating system.\n\nThe problem in vfs_fruit exists in the default configuration of the fruit VFS module using **fruit:metadata=netatalk** or **fruit:resource=file**. If both options are set to different settings than the default values, the system is not affected by the security issue.\n\n## The patch\n\nThe patch for this vulnerability was included in a [security update](<https://www.samba.org/samba/history/security.html>) that also patches some other issues:\n\n * [CVE-2021-44141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141>) (CVSS score: 4.2) - Information leak via symlinks of existence of files or directories outside of the exported share. All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Symlink is a term for any file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution.\n * [CVE-2022-0336](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336>) (CVSS score: 3.1) - Samba AD users with permission to write to an account can impersonate arbitrary services. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding any service principals names (SPN) that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.\n\n## Mitigation\n\nSamba administrators should upgrade to these releases or apply the patch as soon as possible to mitigate the defect and thwart any potential attacks exploiting the vulnerability. But, as a workaround it is possible to remove the "fruit" VFS module from the list of configured VFS objects in any **vfs objects** line in the Samba configuration file **smb.conf**.\n\nPlease note that changing the VFS module settings **fruit:metadata** or **fruit:resource** to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.\n\nStay safe, everyone!\n\nThe post [Samba patches critical vulnerability that allows remote code execution as root](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/samba-patches-critical-vulnerability-that-allows-remote-code-execution-as-root/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {}, "published": "2022-02-01T15:22:52", "type": "malwarebytes", "title": "Samba patches critical vulnerability that allows remote code execution as root", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-02-01T15:22:52", "id": "MALWAREBYTES:353332AFBB6514EFED7F5F38820FFD50", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/samba-patches-critical-vulnerability-that-allows-remote-code-execution-as-root/", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisa": [{"lastseen": "2022-02-24T11:34:36", "description": "The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.\n\nCISA encourages users and administrators to review the following Samba security announcements as well as [CERT/CC Vulnerability Note VU #119678](<https://www.kb.cert.org/vuls/id/119678>) and apply the necessary updates and workarounds.\n\n * [CVE-2021-44141](<https://www.samba.org/samba/security/CVE-2021-44141.html>)\n * [CVE-2021-44142](<https://www.samba.org/samba/security/CVE-2021-44142.html>)\n * [CVE-2022-0336](<https://www.samba.org/samba/security/CVE-2022-0336.html>)\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/02/01/samba-releases-security-updates>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "cisa", "title": "Samba Releases Security Updates", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-02-01T00:00:00", "id": "CISA:07D5CC40C9E66F413405DC92522747C5", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/02/01/samba-releases-security-updates", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-02-03T18:43:45", "description": "The version of QNAP QTS or QuTS hero on the remote host is affected by multiple vulnerabilities in the Samba component, as follows:\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - Samba AD users able to write to an account can impersonate existing services, intercept traffic, and cause a denial of service (DoS). (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-05T00:00:00", "type": "nessus", "title": "QNAP QTS / QuTS hero Multiple Vulnerabilities in Samba (QSA-22-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/a:qnap:qts", "cpe:/o:qnap:qts", "cpe:/o:qnap:quts_hero"], "id": "QNAP_QTS_QUTS_HERO_QSA-22-03.NASL", "href": "https://www.tenable.com/plugins/nessus/159504", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159504);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-44141\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n\n script_name(english:\"QNAP QTS / QuTS hero Multiple Vulnerabilities in Samba (QSA-22-03)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of QNAP QTS or QuTS hero on the remote host is affected by multiple vulnerabilities in the Samba component,\nas follows:\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - Samba AD users able to write to an account can impersonate existing services, intercept traffic, and cause\n a denial of service (DoS). (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.qnap.com/en/security-advisory/qsa-22-03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the workaround and upgrade to the relevant fixed version referenced in the QSA-22-03 advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:qnap:qts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:qnap:qts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:qnap:quts_hero\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"qnap_qts_quts_hero_web_detect.nbin\", \"qnap_qts_installed.nbin\");\n script_require_ports(\"installed_sw/QNAP QTS\", \"installed_sw/QNAP QuTS hero\");\n\n exit(0);\n}\n\ninclude('vcf_extras_qnap.inc');\n\nvar app_info = vcf::qnap::get_app_info();\n\nvar constraints = [\n{'product':'QTS', 'min_version':'4.3', 'max_version':'4.3.3', 'Number':'1945', 'Build':'20220303', 'fixed_display':'QTS 4.3.3.1945 build 20220303'},\n{'product':'QTS', 'min_version':'4.3.4', 'max_version':'4.3.4', 'Number':'1976', 'Build':'20220303', 'fixed_display':'QTS 4.3.4.1976 build 20220303'},\n{'product':'QTS', 'min_version':'4.3.6', 'max_version':'4.3.6', 'Number':'1965', 'Build':'20220302', 'fixed_display':'QTS 4.3.6.1965 build 20220302 '},\n{'product':'QTS', 'min_version':'4.5.4', 'max_version':'4.5.4', 'Number':'1931', 'Build':'20220128', 'fixed_display':'QTS 4.5.4.1931 build 20220128'},\n{'product':'QTS', 'min_version':'5.0', 'max_version':'5.0.0', 'Number':'1932', 'Build':'20220129', 'fixed_display':'QTS 5.0.0.1932 build 20220129'},\n{'product':'QuTS hero', 'min_version':'0.0', 'max_version':'4.5.4', 'Number':'1951', 'Build':'20220218', 'fixed_display':'QuTS hero h4.5.4.1951 build 20220218'},\n{'product':'QuTS hero', 'min_version':'5.0', 'max_version':'5.0.0', 'Number':'1949', 'Build':'20220215', 'fixed_display':'QuTS hero h5.0.0.1949 build 20220215'}\n];\n\nvcf::qnap::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:40:00", "description": "The version of Samba running on the remote host is 4.0.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities:\n\n - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142)\n\n - Information leak via symlinks of existence of\tfiles or directories outside of the exported share. (CVE-2021-44141)\n\n - Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "Samba 4.0.x < 4.13.17 / 4.14.x < 4.14.12 / 4.15.x < 4.15.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:/a:samba:samba"], "id": "SAMBA_4_15_5.NASL", "href": "https://www.tenable.com/plugins/nessus/157360", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157360);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-44141\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Samba 4.0.x < 4.13.17 / 4.14.x < 4.14.12 / 4.15.x < 4.15.5 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Samba server is potentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Samba running on the remote host is 4.0.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior\nto 4.15.5. It is, therefore, affected by multiple vulnerabilities:\n\n - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142)\n\n - Information leak via symlinks of existence of\tfiles or directories outside of the exported share. (CVE-2021-44141)\n\n - Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/history/security.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-44141.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-44142.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2022-0336.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Samba version 4.13.17, 4.14.12, or 4.15.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:samba:samba\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_nativelanman.nasl\");\n script_require_keys(\"SMB/NativeLanManager\", \"SMB/samba\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::samba::get_app_info();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n {'min_version':'4.0.0', 'fixed_version':'4.13.17'},\n {'min_version':'4.14.0', 'fixed_version':'4.14.12'},\n {'min_version':'4.15.0', 'fixed_version':'4.15.5'}\n];\n\nvcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_HOLE);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-02T22:11:10", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8579074c-839f-11ec-a3b2-005056a311d1 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "FreeBSD : samba -- Multiple Vulnerabilities (8579074c-839f-11ec-a3b2-005056a311d1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:samba413", "p-cpe:/a:freebsd:freebsd:samba414", "p-cpe:/a:freebsd:freebsd:samba415", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_8579074C839F11ECA3B2005056A311D1.NASL", "href": "https://www.tenable.com/plugins/nessus/157319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157319);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n\n script_name(english:\"FreeBSD : samba -- Multiple Vulnerabilities (8579074c-839f-11ec-a3b2-005056a311d1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 8579074c-839f-11ec-a3b2-005056a311d1 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-43566.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-44141.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2021-44142.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.samba.org/samba/security/CVE-2022-0336.html\");\n # https://vuxml.freebsd.org/freebsd/8579074c-839f-11ec-a3b2-005056a311d1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb46416f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba413\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba414\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:samba415\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"III\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'samba413<4.13.17',\n 'samba414<4.14.12',\n 'samba415<4.15.5'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:39:05", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0323-1 advisory.\n\n - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. (CVE-2020-29361)\n\n - All versions of Samba prior to 4.15.0 are vulnerable to a malicious client using an SMB1 or NFS symlink race to allow filesystem metadata to be accessed in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-20316)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba Team reports: (CVE-2021-44141, CVE-2022-0336)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-04T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2022:0323-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25721", "CVE-2020-29361", "CVE-2021-20316", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_apparmor", "p-cpe:/a:novell:suse_linux:apparmor-docs", "p-cpe:/a:novell:suse_linux:apparmor-parser", "p-cpe:/a:novell:suse_linux:apparmor-profiles", "p-cpe:/a:novell:suse_linux:apparmor-utils", "p-cpe:/a:novell:suse_linux:ca-certificates", "p-cpe:/a:novell:suse_linux:ctdb", "p-cpe:/a:novell:suse_linux:libapparmor-devel", "p-cpe:/a:novell:suse_linux:libapparmor1", "p-cpe:/a:novell:suse_linux:libapparmor1-32bit", "p-cpe:/a:novell:suse_linux:libgnutls30", "p-cpe:/a:novell:suse_linux:libgnutls30-32bit", "p-cpe:/a:novell:suse_linux:libhogweed4", "p-cpe:/a:novell:suse_linux:libhogweed4-32bit", "p-cpe:/a:novell:suse_linux:libipa_hbac-devel", "p-cpe:/a:novell:suse_linux:libipa_hbac0", "p-cpe:/a:novell:suse_linux:libnettle6", "p-cpe:/a:novell:suse_linux:libnettle6-32bit", "p-cpe:/a:novell:suse_linux:libp11-kit0", "p-cpe:/a:novell:suse_linux:libp11-kit0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:suse_linux:libsss_certmap0", "p-cpe:/a:novell:suse_linux:libsss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_simpleifp0", "p-cpe:/a:novell:suse_linux:p11-kit", "p-cpe:/a:novell:suse_linux:p11-kit-32bit", "p-cpe:/a:novell:suse_linux:p11-kit-devel", "p-cpe:/a:novell:suse_linux:p11-kit-nss-trust", "p-cpe:/a:novell:suse_linux:p11-kit-tools", "p-cpe:/a:novell:suse_linux:pam_apparmor", "p-cpe:/a:novell:suse_linux:pam_apparmor-32bit", "p-cpe:/a:novell:suse_linux:perl-apparmor", "p-cpe:/a:novell:suse_linux:python-sssd-config", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-32bit", "p-cpe:/a:novell:suse_linux:samba-client-libs", "p-cpe:/a:novell:suse_linux:samba-client-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-devel", "p-cpe:/a:novell:suse_linux:samba-devel-32bit", "p-cpe:/a:novell:suse_linux:samba-doc", "p-cpe:/a:novell:suse_linux:samba-ldb-ldap", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-libs-python3-32bit", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-tool", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-libs", "p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit", "p-cpe:/a:novell:suse_linux:sssd", "p-cpe:/a:novell:suse_linux:sssd-ad", "p-cpe:/a:novell:suse_linux:sssd-common", "p-cpe:/a:novell:suse_linux:sssd-dbus", "p-cpe:/a:novell:suse_linux:sssd-ipa", "p-cpe:/a:novell:suse_linux:sssd-krb5", "p-cpe:/a:novell:suse_linux:sssd-krb5-common", "p-cpe:/a:novell:suse_linux:sssd-ldap", "p-cpe:/a:novell:suse_linux:sssd-proxy", "p-cpe:/a:novell:suse_linux:sssd-tools", "p-cpe:/a:novell:suse_linux:yast2-samba-client", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0323-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157373", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0323-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157373);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2020-25721\",\n \"CVE-2020-29361\",\n \"CVE-2021-20316\",\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0323-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2022:0323-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0323-1 advisory.\n\n - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered\n in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are\n missing before calling realloc or calloc. (CVE-2020-29361)\n\n - All versions of Samba prior to 4.15.0 are vulnerable to a malicious client using an SMB1 or NFS symlink\n race to allow filesystem metadata to be accessed in an area of the server file system not exported under\n the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for\n this attack to succeed. (CVE-2021-20316)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba Team reports: (CVE-2021-44141, CVE-2022-0336)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1089938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195048\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010181.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1fe4996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29361\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-profiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ca-certificates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls30\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libgnutls30-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libhogweed4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libhogweed4-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnettle6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnettle6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libp11-kit0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libp11-kit0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_certmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_simpleifp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:p11-kit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:p11-kit-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:p11-kit-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:p11-kit-nss-trust\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:p11-kit-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-sssd-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'apache2-mod_apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'apparmor-docs-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'apparmor-parser-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'apparmor-profiles-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'apparmor-utils-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ca-certificates-1_201403302107-15.3.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libapparmor1-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libapparmor1-32bit-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libgnutls30-3.4.17-8.4.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libgnutls30-32bit-3.4.17-8.4.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libhogweed4-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libhogweed4-32bit-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libipa_hbac0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libnettle6-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libnettle6-32bit-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libp11-kit0-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libp11-kit0-32bit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsss_certmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsss_idmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsss_nss_idmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libsss_simpleifp0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'p11-kit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'p11-kit-32bit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'p11-kit-nss-trust-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'p11-kit-tools-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'pam_apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'pam_apparmor-32bit-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'perl-apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'python-sssd-config-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-doc-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-ad-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-common-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-dbus-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-ipa-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-krb5-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-krb5-common-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-ldap-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-proxy-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'sssd-tools-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'yast2-samba-client-3.1.23-3.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.5'},\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.5'},\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-12.5'},\n {'reference':'libapparmor-devel-2.8.2-56.6.3', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libapparmor-devel-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libipa_hbac-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libipa_hbac-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'p11-kit-devel-0.23.2-8.3.2', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'p11-kit-devel-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'apache2-mod_apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'apparmor-docs-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'apparmor-parser-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'apparmor-profiles-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'apparmor-utils-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'ca-certificates-1_201403302107-15.3.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libapparmor1-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libapparmor1-32bit-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libgnutls30-3.4.17-8.4.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libgnutls30-32bit-3.4.17-8.4.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libhogweed4-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libhogweed4-32bit-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libipa_hbac0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libnettle6-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libnettle6-32bit-3.1-21.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libp11-kit0-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libp11-kit0-32bit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsss_certmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsss_idmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-7.28.9', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsss_nss_idmap0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libsss_simpleifp0-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'p11-kit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'p11-kit-32bit-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'p11-kit-nss-trust-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'p11-kit-tools-0.23.2-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'pam_apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'pam_apparmor-32bit-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'perl-apparmor-2.8.2-56.6.3', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'python-sssd-config-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-doc-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-3.54.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-ad-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-common-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-dbus-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-ipa-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-krb5-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-krb5-common-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-ldap-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-proxy-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'sssd-tools-1.16.1-7.28.9', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'yast2-samba-client-3.1.23-3.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_apparmor / apparmor-docs / apparmor-parser / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:22:28", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:2074 advisory.\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : samba (ALSA-2022:2074)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:alma:linux:ctdb", "p-cpe:/a:alma:linux:libsmbclient", "p-cpe:/a:alma:linux:libwbclient", "p-cpe:/a:alma:linux:python3-samba", "p-cpe:/a:alma:linux:python3-samba-test", "p-cpe:/a:alma:linux:samba", "p-cpe:/a:alma:linux:samba-client", "p-cpe:/a:alma:linux:samba-client-libs", "p-cpe:/a:alma:linux:samba-common", "p-cpe:/a:alma:linux:samba-common-libs", "p-cpe:/a:alma:linux:samba-common-tools", "p-cpe:/a:alma:linux:samba-krb5-printing", "p-cpe:/a:alma:linux:samba-libs", "p-cpe:/a:alma:linux:samba-pidl", "p-cpe:/a:alma:linux:samba-test", "p-cpe:/a:alma:linux:samba-test-libs", "p-cpe:/a:alma:linux:samba-vfs-iouring", "p-cpe:/a:alma:linux:samba-winbind", "p-cpe:/a:alma:linux:samba-winbind-clients", "p-cpe:/a:alma:linux:samba-winbind-krb5-locator", "p-cpe:/a:alma:linux:samba-winbind-modules", "p-cpe:/a:alma:linux:samba-winexe", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-2074.NASL", "href": "https://www.tenable.com/plugins/nessus/161095", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:2074.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161095);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"ALSA\", value:\"2022:2074\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"AlmaLinux 8 : samba (ALSA-2022:2074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:2074 advisory.\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-2074.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:samba-winexe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libwbclient / python3-samba / python3-samba-test / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T19:23:31", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share (CVE-2021-20316)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : samba (ELSA-2022-2074)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2022-11-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:ctdb", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:libwbclient", "p-cpe:/a:oracle:linux:libwbclient-devel", "p-cpe:/a:oracle:linux:python3-samba", "p-cpe:/a:oracle:linux:python3-samba-test", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-client-libs", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-common-libs", "p-cpe:/a:oracle:linux:samba-common-tools", "p-cpe:/a:oracle:linux:samba-devel", "p-cpe:/a:oracle:linux:samba-krb5-printing", "p-cpe:/a:oracle:linux:samba-libs", "p-cpe:/a:oracle:linux:samba-pidl", "p-cpe:/a:oracle:linux:samba-test", "p-cpe:/a:oracle:linux:samba-test-libs", "p-cpe:/a:oracle:linux:samba-vfs-iouring", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-winbind-modules", "p-cpe:/a:oracle:linux:samba-winexe"], "id": "ORACLELINUX_ELSA-2022-2074.NASL", "href": "https://www.tenable.com/plugins/nessus/161285", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-2074.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161285);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Oracle Linux 8 : samba (ELSA-2022-2074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share\n (CVE-2021-20316)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-2074.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winexe\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T19:21:34", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "CentOS 8 : samba (CESA-2022:2074)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2022-11-01T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:ctdb", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:libwbclient", "p-cpe:/a:centos:centos:libwbclient-devel", "p-cpe:/a:centos:centos:python3-samba", "p-cpe:/a:centos:centos:python3-samba-test", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-client-libs", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-common-libs", "p-cpe:/a:centos:centos:samba-common-tools", "p-cpe:/a:centos:centos:samba-devel", "p-cpe:/a:centos:centos:samba-krb5-printing", "p-cpe:/a:centos:centos:samba-libs", "p-cpe:/a:centos:centos:samba-pidl", "p-cpe:/a:centos:centos:samba-test", "p-cpe:/a:centos:centos:samba-test-libs", "p-cpe:/a:centos:centos:samba-vfs-iouring", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba-winbind-modules", "p-cpe:/a:centos:centos:samba-winexe"], "id": "CENTOS8_RHSA-2022-2074.NASL", "href": "https://www.tenable.com/plugins/nessus/160964", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:2074. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160964);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"RHSA\", value:\"2022:2074\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"CentOS 8 : samba (CESA-2022:2074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share\n (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2074\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:samba-winexe\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-24T00:28:14", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:2074)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-iouring", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:samba-winexe"], "id": "REDHAT-RHSA-2022-2074.NASL", "href": "https://www.tenable.com/plugins/nessus/161020", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2074. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161020);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"RHSA\", value:\"2022:2074\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:2074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:2074 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share\n (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2009673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046120\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 200, 362);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winexe\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-01-10T19:23:32", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:2074 advisory.\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : samba (RLSA-2022:2074)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2022-11-01T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:ctdb", "p-cpe:/a:rocky:linux:ctdb-debuginfo", "p-cpe:/a:rocky:linux:libsmbclient", "p-cpe:/a:rocky:linux:libsmbclient-debuginfo", "p-cpe:/a:rocky:linux:libsmbclient-devel", "p-cpe:/a:rocky:linux:libwbclient", "p-cpe:/a:rocky:linux:libwbclient-debuginfo", "p-cpe:/a:rocky:linux:libwbclient-devel", "p-cpe:/a:rocky:linux:python3-samba", "p-cpe:/a:rocky:linux:python3-samba-debuginfo", "p-cpe:/a:rocky:linux:python3-samba-devel", "p-cpe:/a:rocky:linux:python3-samba-test", "p-cpe:/a:rocky:linux:samba", "p-cpe:/a:rocky:linux:samba-client", "p-cpe:/a:rocky:linux:samba-client-debuginfo", "p-cpe:/a:rocky:linux:samba-client-libs", "p-cpe:/a:rocky:linux:samba-client-libs-debuginfo", "p-cpe:/a:rocky:linux:samba-common", "p-cpe:/a:rocky:linux:samba-common-libs", "p-cpe:/a:rocky:linux:samba-common-libs-debuginfo", "p-cpe:/a:rocky:linux:samba-common-tools", "p-cpe:/a:rocky:linux:samba-common-tools-debuginfo", "p-cpe:/a:rocky:linux:samba-debuginfo", "p-cpe:/a:rocky:linux:samba-debugsource", "p-cpe:/a:rocky:linux:samba-devel", "p-cpe:/a:rocky:linux:samba-krb5-printing", "p-cpe:/a:rocky:linux:samba-krb5-printing-debuginfo", "p-cpe:/a:rocky:linux:samba-libs", "p-cpe:/a:rocky:linux:samba-libs-debuginfo", "p-cpe:/a:rocky:linux:samba-pidl", "p-cpe:/a:rocky:linux:samba-test", "p-cpe:/a:rocky:linux:samba-test-debuginfo", "p-cpe:/a:rocky:linux:samba-test-libs", "p-cpe:/a:rocky:linux:samba-test-libs-debuginfo", "p-cpe:/a:rocky:linux:samba-vfs-iouring", "p-cpe:/a:rocky:linux:samba-vfs-iouring-debuginfo", "p-cpe:/a:rocky:linux:samba-winbind", "p-cpe:/a:rocky:linux:samba-winbind-clients", "p-cpe:/a:rocky:linux:samba-winbind-clients-debuginfo", "p-cpe:/a:rocky:linux:samba-winbind-debuginfo", "p-cpe:/a:rocky:linux:samba-winbind-krb5-locator", "p-cpe:/a:rocky:linux:samba-winbind-krb5-locator-debuginfo", "p-cpe:/a:rocky:linux:samba-winbind-modules", "p-cpe:/a:rocky:linux:samba-winbind-modules-debuginfo", "p-cpe:/a:rocky:linux:samba-winexe", "p-cpe:/a:rocky:linux:samba-winexe-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-2074.NASL", "href": "https://www.tenable.com/plugins/nessus/161339", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:2074.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161339);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/01\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"RLSA\", value:\"2022:2074\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Rocky Linux 8 : samba (RLSA-2022:2074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:2074 advisory.\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:2074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1979959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1995849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1999294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2009673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2013596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2019461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2028029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2035528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2038148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2038796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2043154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2044404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2046120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2049602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2057503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2064325\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsmbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libwbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-client-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-common-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-common-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-krb5-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-test-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-vfs-iouring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-krb5-locator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winbind-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winexe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:samba-winexe-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.15.5-5.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.15.5-5.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.15.5-5.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-debuginfo-4.15.5-5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-debuginfo / libsmbclient / libsmbclient-debuginfo / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-03T17:24:18", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1756 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:1756)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20316", "CVE-2021-44141"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2022-1756.NASL", "href": "https://www.tenable.com/plugins/nessus/160966", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1756. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160966);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2021-20316\", \"CVE-2021-44141\");\n script_xref(name:\"RHSA\", value:\"2022:1756\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:1756)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1756 advisory.\n\n - samba: Symlink race error can allow metadata read and modify outside of the exported share\n (CVE-2021-20316)\n\n - samba: Information leak via symlinks of existance of files or directories outside of the exported share\n (CVE-2021-44141)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1756\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2009673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046120\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44141\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20316\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 200, 362);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhgs-server-nfs/3/debug',\n 'content/dist/layered/rhel8/x86_64/rhgs-server-nfs/3/os',\n 'content/dist/layered/rhel8/x86_64/rhgs-server-nfs/3/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rhgs-server-samba/3/debug',\n 'content/dist/layered/rhel8/x86_64/rhgs-server-samba/3/os',\n 'content/dist/layered/rhel8/x86_64/rhgs-server-samba/3/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rhgs-server/3/debug',\n 'content/dist/layered/rhel8/x86_64/rhgs-server/3/os',\n 'content/dist/layered/rhel8/x86_64/rhgs-server/3/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libsmbclient-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libsmbclient-devel-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libwbclient-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'libwbclient-devel-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'python3-samba-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-client-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-client-libs-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-4.15.5-100.el8rhgs', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-libs-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-common-tools-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-devel-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-krb5-printing-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-libs-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-pidl-4.15.5-100.el8rhgs', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-vfs-glusterfs-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-clients-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-krb5-locator-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'},\n {'reference':'samba-winbind-modules-4.15.5-100.el8rhgs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs-'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-02-02T22:11:10", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : samba (openSUSE-SU-2022:0283-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27840", "CVE-2021-20277", "CVE-2021-20316", "CVE-2021-36222", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2-mod_apparmor", "p-cpe:/a:novell:opensuse:apparmor-abstractions", "p-cpe:/a:novell:opensuse:apparmor-parser", "p-cpe:/a:novell:opensuse:apparmor-parser-lang", "p-cpe:/a:novell:opensuse:apparmor-profiles", "p-cpe:/a:novell:opensuse:apparmor-utils", "p-cpe:/a:novell:opensuse:apparmor-utils-lang", "p-cpe:/a:novell:opensuse:ctdb", "p-cpe:/a:novell:opensuse:ctdb-pcp-pmda", "p-cpe:/a:novell:opensuse:krb5", "p-cpe:/a:novell:opensuse:krb5-32bit", "p-cpe:/a:novell:opensuse:krb5-client", "p-cpe:/a:novell:opensuse:krb5-devel", "p-cpe:/a:novell:opensuse:krb5-devel-32bit", "p-cpe:/a:novell:opensuse:krb5-mini", "p-cpe:/a:novell:opensuse:krb5-mini-devel", "p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:opensuse:krb5-plugin-preauth-spake", "p-cpe:/a:novell:opensuse:krb5-server", "p-cpe:/a:novell:opensuse:ldb-tools", "p-cpe:/a:novell:opensuse:libapparmor-devel", "p-cpe:/a:novell:opensuse:libapparmor1", "p-cpe:/a:novell:opensuse:libapparmor1-32bit", "p-cpe:/a:novell:opensuse:libipa_hbac-devel", "p-cpe:/a:novell:opensuse:libipa_hbac0", "p-cpe:/a:novell:opensuse:libldb-devel", "p-cpe:/a:novell:opensuse:libldb2", "p-cpe:/a:novell:opensuse:libldb2-32bit", "p-cpe:/a:novell:opensuse:libnfsidmap-sss", "p-cpe:/a:novell:opensuse:libsamba-policy-devel", "p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit", "p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit", "p-cpe:/a:novell:opensuse:libsss_certmap-devel", "p-cpe:/a:novell:opensuse:libsss_certmap0", "p-cpe:/a:novell:opensuse:libsss_idmap-devel", "p-cpe:/a:novell:opensuse:libsss_idmap0", "p-cpe:/a:novell:opensuse:libsss_nss_idmap-devel", "p-cpe:/a:novell:opensuse:libsss_nss_idmap0", "p-cpe:/a:novell:opensuse:libsss_simpleifp-devel", "p-cpe:/a:novell:opensuse:libsss_simpleifp0", "p-cpe:/a:novell:opensuse:libtalloc-devel", "p-cpe:/a:novell:opensuse:libtalloc2", "p-cpe:/a:novell:opensuse:libtalloc2-32bit", "p-cpe:/a:novell:opensuse:libtdb-devel", "p-cpe:/a:novell:opensuse:libtdb1", "p-cpe:/a:novell:opensuse:libtdb1-32bit", "p-cpe:/a:novell:opensuse:libtevent-devel", "p-cpe:/a:novell:opensuse:libtevent0", "p-cpe:/a:novell:opensuse:libtevent0-32bit", "p-cpe:/a:novell:opensuse:pam_apparmor", "p-cpe:/a:novell:opensuse:pam_apparmor-32bit", "p-cpe:/a:novell:opensuse:perl-apparmor", "p-cpe:/a:novell:opensuse:python3-apparmor", "p-cpe:/a:novell:opensuse:python3-ipa_hbac", "p-cpe:/a:novell:opensuse:python3-ldb", "p-cpe:/a:novell:opensuse:python3-ldb-32bit", "p-cpe:/a:novell:opensuse:python3-ldb-devel", "p-cpe:/a:novell:opensuse:python3-sss-murmur", "p-cpe:/a:novell:opensuse:python3-sss_nss_idmap", "p-cpe:/a:novell:opensuse:python3-sssd-config", "p-cpe:/a:novell:opensuse:python3-talloc", "p-cpe:/a:novell:opensuse:python3-talloc-32bit", "p-cpe:/a:novell:opensuse:python3-talloc-devel", "p-cpe:/a:novell:opensuse:python3-tdb", "p-cpe:/a:novell:opensuse:python3-tdb-32bit", "p-cpe:/a:novell:opensuse:python3-tevent", "p-cpe:/a:novell:opensuse:python3-tevent-32bit", "p-cpe:/a:novell:opensuse:ruby-apparmor", "p-cpe:/a:novell:opensuse:samba", "p-cpe:/a:novell:opensuse:samba-ad-dc", "p-cpe:/a:novell:opensuse:samba-ad-dc-libs", "p-cpe:/a:novell:opensuse:samba-ad-dc-libs-32bit", "p-cpe:/a:novell:opensuse:samba-ceph", "p-cpe:/a:novell:opensuse:samba-client", "p-cpe:/a:novell:opensuse:samba-client-32bit", "p-cpe:/a:novell:opensuse:samba-client-64bit", "p-cpe:/a:novell:opensuse:samba-client-libs", "p-cpe:/a:novell:opensuse:samba-client-libs-32bit", "p-cpe:/a:novell:opensuse:samba-devel", "p-cpe:/a:novell:opensuse:samba-devel-32bit", "p-cpe:/a:novell:opensuse:samba-dsdb-modules", "p-cpe:/a:novell:opensuse:samba-gpupdate", "p-cpe:/a:novell:opensuse:samba-ldb-ldap", "p-cpe:/a:novell:opensuse:samba-libs", "p-cpe:/a:novell:opensuse:samba-libs-32bit", "p-cpe:/a:novell:opensuse:samba-libs-64bit", "p-cpe:/a:novell:opensuse:samba-libs-python3", "p-cpe:/a:novell:opensuse:samba-libs-python3-32bit", "p-cpe:/a:novell:opensuse:samba-libs-python3-64bit", "p-cpe:/a:novell:opensuse:samba-python3", "p-cpe:/a:novell:opensuse:samba-test", "p-cpe:/a:novell:opensuse:samba-tool", "p-cpe:/a:novell:opensuse:samba-winbind", "p-cpe:/a:novell:opensuse:samba-winbind-libs", "p-cpe:/a:novell:opensuse:samba-winbind-libs-32bit", "p-cpe:/a:novell:opensuse:sssd", "p-cpe:/a:novell:opensuse:sssd-ad", "p-cpe:/a:novell:opensuse:sssd-common", "p-cpe:/a:novell:opensuse:sssd-dbus", "p-cpe:/a:novell:opensuse:sssd-ipa", "p-cpe:/a:novell:opensuse:sssd-krb5", "p-cpe:/a:novell:opensuse:sssd-krb5-common", "p-cpe:/a:novell:opensuse:sssd-ldap", "p-cpe:/a:novell:opensuse:sssd-proxy", "p-cpe:/a:novell:opensuse:sssd-tools", "p-cpe:/a:novell:opensuse:sssd-wbclient", "p-cpe:/a:novell:opensuse:sssd-wbclient-devel", "p-cpe:/a:novell:opensuse:sssd-winbind-idmap", "p-cpe:/a:novell:opensuse:talloc-man", "p-cpe:/a:novell:opensuse:tdb-tools", "p-cpe:/a:novell:opensuse:tevent-man", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0283-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157325", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0283-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157325);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2020-27840\",\n \"CVE-2021-20277\",\n \"CVE-2021-20316\",\n \"CVE-2021-36222\",\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"openSUSE 15 Security Update : samba (openSUSE-SU-2022:0283-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be\n ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory,\n resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to\n an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that\n have write access to the exported part of the file system under a share via SMB1 unix extensions or via\n NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can\n then use SMB1 unix extension information queries to determine if the target of the symlink exists or not\n by examining error codes returned from the smbd server. There is no ability to access these files or\n directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix\n extensions are not enabled then there is no way to discover if a symlink points to a valid target or not\n via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1\n with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a\n file server can help attackers guess system user names or the exact operating system release and\n applications running on the server hosting Samba which may help mount further attacks. SMB1 has been\n disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the\n wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195048\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/72ZRNFZ3DE3TJA7HFCVV476YJN6I4B5M/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dafccda9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-abstractions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-parser-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-profiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apparmor-utils-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ctdb-pcp-pmda\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-mini-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-plugin-preauth-spake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapparmor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipa_hbac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipa_hbac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libnfsidmap-sss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsamba-policy0-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_certmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_certmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_nss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_nss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_simpleifp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsss_simpleifp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pam_apparmor-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ipa_hbac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sss-murmur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sss_nss_idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-sssd-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tdb-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tevent-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ad-dc-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-client-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-libs-python3-64bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:samba-winbind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-wbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-wbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sssd-winbind-idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:talloc-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tevent-man\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache2-mod_apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-pcp-pmda-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-devel-32bit-1.19.2-150300.8.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-mini-devel-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'krb5-server-1.19.2-150300.8.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libnfsidmap-sss-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsamba-policy0-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ipa_hbac-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-32bit-2.4.1-150300.3.10.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sss-murmur-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sss_nss_idmap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-32bit-2.3.3-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tdb-32bit-1.4.4-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-tevent-32bit-0.11.0-150300.3.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-apparmor-2.13.6-150300.3.11.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'aarch64_ilp32', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-wbclient-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-wbclient-devel-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_apparmor / apparmor-abstractions / apparmor-parser / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:59:30", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that have write access to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can then use SMB1 unix extension information queries to determine if the target of the symlink exists or not by examining error codes returned from the smbd server. There is no ability to access these files or directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix extensions are not enabled then there is no way to discover if a symlink points to a valid target or not via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1 with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a file server can help attackers guess system user names or the exact operating system release and applications running on the server hosting Samba which may help mount further attacks. SMB1 has been disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2022:0283-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27840", "CVE-2021-20277", "CVE-2021-20316", "CVE-2021-36222", "CVE-2021-43566", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-mod_apparmor", "p-cpe:/a:novell:suse_linux:apparmor-abstractions", "p-cpe:/a:novell:suse_linux:apparmor-docs", "p-cpe:/a:novell:suse_linux:apparmor-parser", "p-cpe:/a:novell:suse_linux:apparmor-parser-lang", "p-cpe:/a:novell:suse_linux:apparmor-profiles", "p-cpe:/a:novell:suse_linux:apparmor-utils", "p-cpe:/a:novell:suse_linux:apparmor-utils-lang", "p-cpe:/a:novell:suse_linux:ctdb", "p-cpe:/a:novell:suse_linux:krb5", "p-cpe:/a:novell:suse_linux:krb5-32bit", "p-cpe:/a:novell:suse_linux:krb5-client", "p-cpe:/a:novell:suse_linux:krb5-devel", "p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit", "p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-spake", "p-cpe:/a:novell:suse_linux:krb5-server", "p-cpe:/a:novell:suse_linux:ldb-tools", "p-cpe:/a:novell:suse_linux:libapparmor-devel", "p-cpe:/a:novell:suse_linux:libapparmor1", "p-cpe:/a:novell:suse_linux:libapparmor1-32bit", "p-cpe:/a:novell:suse_linux:libipa_hbac-devel", "p-cpe:/a:novell:suse_linux:libipa_hbac0", "p-cpe:/a:novell:suse_linux:libldb-devel", "p-cpe:/a:novell:suse_linux:libldb2", "p-cpe:/a:novell:suse_linux:libldb2-32bit", "p-cpe:/a:novell:suse_linux:libsamba-policy-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel", "p-cpe:/a:novell:suse_linux:libsamba-policy0-python3", "p-cpe:/a:novell:suse_linux:libsss_certmap-devel", "p-cpe:/a:novell:suse_linux:libsss_certmap0", "p-cpe:/a:novell:suse_linux:libsss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel", "p-cpe:/a:novell:suse_linux:libsss_nss_idmap0", "p-cpe:/a:novell:suse_linux:libsss_simpleifp-devel", "p-cpe:/a:novell:suse_linux:libsss_simpleifp0", "p-cpe:/a:novell:suse_linux:libtalloc-devel", "p-cpe:/a:novell:suse_linux:libtalloc2", "p-cpe:/a:novell:suse_linux:libtalloc2-32bit", "p-cpe:/a:novell:suse_linux:libtdb-devel", "p-cpe:/a:novell:suse_linux:libtdb1", "p-cpe:/a:novell:suse_linux:libtdb1-32bit", "p-cpe:/a:novell:suse_linux:libtevent-devel", "p-cpe:/a:novell:suse_linux:libtevent0", "p-cpe:/a:novell:suse_linux:libtevent0-32bit", "p-cpe:/a:novell:suse_linux:pam_apparmor", "p-cpe:/a:novell:suse_linux:pam_apparmor-32bit", "p-cpe:/a:novell:suse_linux:perl-apparmor", "p-cpe:/a:novell:suse_linux:python3-apparmor", "p-cpe:/a:novell:suse_linux:python3-ldb", "p-cpe:/a:novell:suse_linux:python3-ldb-devel", "p-cpe:/a:novell:suse_linux:python3-sssd-config", "p-cpe:/a:novell:suse_linux:python3-talloc", "p-cpe:/a:novell:suse_linux:python3-talloc-devel", "p-cpe:/a:novell:suse_linux:python3-tdb", "p-cpe:/a:novell:suse_linux:python3-tevent", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-ad-dc", "p-cpe:/a:novell:suse_linux:samba-ad-dc-libs", "p-cpe:/a:novell:suse_linux:samba-ad-dc-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-ceph", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-32bit", "p-cpe:/a:novell:suse_linux:samba-client-libs", "p-cpe:/a:novell:suse_linux:samba-client-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-devel", "p-cpe:/a:novell:suse_linux:samba-devel-32bit", "p-cpe:/a:novell:suse_linux:samba-dsdb-modules", "p-cpe:/a:novell:suse_linux:samba-gpupdate", "p-cpe:/a:novell:suse_linux:samba-ldb-ldap", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-libs-python3", "p-cpe:/a:novell:suse_linux:samba-python3", "p-cpe:/a:novell:suse_linux:samba-tool", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-libs", "p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit", "p-cpe:/a:novell:suse_linux:sssd", "p-cpe:/a:novell:suse_linux:sssd-ad", "p-cpe:/a:novell:suse_linux:sssd-common", "p-cpe:/a:novell:suse_linux:sssd-dbus", "p-cpe:/a:novell:suse_linux:sssd-ipa", "p-cpe:/a:novell:suse_linux:sssd-krb5", "p-cpe:/a:novell:suse_linux:sssd-krb5-common", "p-cpe:/a:novell:suse_linux:sssd-ldap", "p-cpe:/a:novell:suse_linux:sssd-proxy", "p-cpe:/a:novell:suse_linux:sssd-tools", "p-cpe:/a:novell:suse_linux:sssd-winbind-idmap", "p-cpe:/a:novell:suse_linux:talloc-man", "p-cpe:/a:novell:suse_linux:tdb-tools", "p-cpe:/a:novell:suse_linux:tevent-man", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0283-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157307", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0283-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157307);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\n \"CVE-2020-27840\",\n \"CVE-2021-20277\",\n \"CVE-2021-20316\",\n \"CVE-2021-36222\",\n \"CVE-2021-43566\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0283-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0140-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n script_xref(name:\"IAVB\", value:\"2021-B-0054-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2022:0283-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0283-1 advisory.\n\n - A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be\n ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory,\n resulting in a crash. The highest threat from this vulnerability is to system availability.\n (CVE-2020-27840)\n\n - A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to\n an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20277)\n\n - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before\n 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon\n crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Clients that\n have write access to the exported part of the file system under a share via SMB1 unix extensions or via\n NFS can create symlinks that point to arbitrary files or directories on the server filesystem. Clients can\n then use SMB1 unix extension information queries to determine if the target of the symlink exists or not\n by examining error codes returned from the smbd server. There is no ability to access these files or\n directories, only to determine if they exist or not. If SMB1 is turned off and only SMB2 is used, or unix\n extensions are not enabled then there is no way to discover if a symlink points to a valid target or not\n via SMB2. For this reason, even if symlinks are created via NFS, if the Samba server does not allow SMB1\n with unix extensions there is no way to exploit this bug. Finding out what files or directories exist on a\n file server can help attackers guess system user names or the exact operating system release and\n applications running on the server hosting Samba which may help mount further attacks. SMB1 has been\n disabled on Samba since version 4.11.0 and onwards. Exploitation of this bug has not been seen in the\n wild. (CVE-2021-44141)\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195048\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010164.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?105ef610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-36222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-mod_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-abstractions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-parser-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-profiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apparmor-utils-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-kdb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-otp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-pkinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-plugin-preauth-spake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:krb5-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ldb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libapparmor1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libipa_hbac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libldb2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy-python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-policy0-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_certmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_certmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_nss_idmap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_simpleifp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsss_simpleifp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtalloc2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtdb1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:pam_apparmor-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:perl-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-apparmor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-ldb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-sssd-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-talloc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-talloc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tevent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ad-dc-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ceph\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-gpupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-ldb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-tool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-dbus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ipa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-krb5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sssd-winbind-idmap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:talloc-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tdb-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tevent-man\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-ha-release-15.3'},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-abstractions-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-docs-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-docs-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-parser-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-parser-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-profiles-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-utils-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'apparmor-utils-lang-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-32bit-1.19.2-150300.8.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-client-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-devel-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-otp-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'krb5-plugin-preauth-spake-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'ldb-tools-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor-devel-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor1-2.13.6-150300.3.11.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libapparmor1-32bit-2.13.6-150300.3.11.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libipa_hbac-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libipa_hbac0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb2-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libldb2-32bit-2.4.1-150300.3.10.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_certmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_certmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_nss_idmap-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_nss_idmap0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_simpleifp-devel-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libsss_simpleifp0-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc2-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtalloc2-32bit-2.3.3-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb-devel-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb1-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtdb1-32bit-1.4.4-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent-devel-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent0-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libtevent0-32bit-0.11.0-150300.3.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'pam_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'pam_apparmor-32bit-2.13.6-150300.3.11.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'perl-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-ldb-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-ldb-devel-2.4.1-150300.3.10.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-sssd-config-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-talloc-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-talloc-devel-2.3.3-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-tdb-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'python3-tevent-0.11.0-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ad-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-dbus-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ipa-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-krb5-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-krb5-common-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-ldap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-proxy-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-tools-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'sssd-winbind-idmap-1.16.1-150300.23.17.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'talloc-man-2.3.3-150300.3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'tdb-tools-1.4.4-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'tevent-man-0.11.0-150300.3.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-python2-release-15.3'},\n {'reference':'samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-python2-release-15.3'},\n {'reference':'apache2-mod_apparmor-2.13.6-150300.3.11.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'},\n {'reference':'krb5-server-1.19.2-150300.8.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-server-applications-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_apparmor / apparmor-abstractions / apparmor-docs / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:53:59", "description": "The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5260-1 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 : Samba vulnerabilities (USN-5260-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python3-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-5260-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157286", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5260-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157286);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"USN\", value:\"5260-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 : Samba vulnerabilities (USN-5260-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5260-1 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5260-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'ctdb', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'python3-samba', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-common', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'smbclient', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '20.04', 'pkgname': 'winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.04.1'},\n {'osver': '21.10', 'pkgname': 'ctdb', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libsmbclient', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libwbclient0', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'python3-samba', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'registry-tools', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-common', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-dev', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-libs', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'smbclient', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'winbind', 'pkgver': '2:4.13.17~dfsg-0ubuntu0.21.10.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libsmbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:43:16", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1438)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/159812", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159812);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1438)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?435ab4be\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h19.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h19.eulerosv2r9\",\n \"samba-4.11.6-6.h19.eulerosv2r9\",\n \"samba-client-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h19.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:45:32", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1652)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1652.NASL", "href": "https://www.tenable.com/plugins/nessus/160676", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160676);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1652)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1652\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15e92e2d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.12-3.h11.eulerosv2r10\",\n \"libwbclient-4.11.12-3.h11.eulerosv2r10\",\n \"samba-4.11.12-3.h11.eulerosv2r10\",\n \"samba-client-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h11.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-clients-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-modules-4.11.12-3.h11.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:43:44", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : samba (EulerOS-SA-2022-1586)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ctdb", "p-cpe:/a:huawei:euleros:ctdb-tests", "p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:python2-samba", "p-cpe:/a:huawei:euleros:python2-samba-test", "p-cpe:/a:huawei:euleros:python3-samba", "p-cpe:/a:huawei:euleros:python3-samba-test", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-dc-libs", "p-cpe:/a:huawei:euleros:samba-krb5-printing", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-pidl", "p-cpe:/a:huawei:euleros:samba-test", "p-cpe:/a:huawei:euleros:samba-test-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/160148", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160148);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : samba (EulerOS-SA-2022-1586)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1586\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?81340c73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"ctdb-4.9.1-2.h36.eulerosv2r8\",\n \"ctdb-tests-4.9.1-2.h36.eulerosv2r8\",\n \"libsmbclient-4.9.1-2.h36.eulerosv2r8\",\n \"libwbclient-4.9.1-2.h36.eulerosv2r8\",\n \"python2-samba-4.9.1-2.h36.eulerosv2r8\",\n \"python2-samba-test-4.9.1-2.h36.eulerosv2r8\",\n \"python3-samba-4.9.1-2.h36.eulerosv2r8\",\n \"python3-samba-test-4.9.1-2.h36.eulerosv2r8\",\n \"samba-4.9.1-2.h36.eulerosv2r8\",\n \"samba-client-4.9.1-2.h36.eulerosv2r8\",\n \"samba-client-libs-4.9.1-2.h36.eulerosv2r8\",\n \"samba-common-4.9.1-2.h36.eulerosv2r8\",\n \"samba-common-libs-4.9.1-2.h36.eulerosv2r8\",\n \"samba-common-tools-4.9.1-2.h36.eulerosv2r8\",\n \"samba-dc-libs-4.9.1-2.h36.eulerosv2r8\",\n \"samba-krb5-printing-4.9.1-2.h36.eulerosv2r8\",\n \"samba-libs-4.9.1-2.h36.eulerosv2r8\",\n \"samba-pidl-4.9.1-2.h36.eulerosv2r8\",\n \"samba-test-4.9.1-2.h36.eulerosv2r8\",\n \"samba-test-libs-4.9.1-2.h36.eulerosv2r8\",\n \"samba-winbind-4.9.1-2.h36.eulerosv2r8\",\n \"samba-winbind-clients-4.9.1-2.h36.eulerosv2r8\",\n \"samba-winbind-krb5-locator-4.9.1-2.h36.eulerosv2r8\",\n \"samba-winbind-modules-4.9.1-2.h36.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:39:31", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5071 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "Debian DSA-5071-1 : samba - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25717", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ctdb", "p-cpe:/a:debian:debian_linux:libnss-winbind", "p-cpe:/a:debian:debian_linux:libpam-winbind", "p-cpe:/a:debian:debian_linux:libparse-pidl-perl", "p-cpe:/a:debian:debian_linux:libsmbclient", "p-cpe:/a:debian:debian_linux:libsmbclient-dev", "p-cpe:/a:debian:debian_linux:libwbclient-dev", "p-cpe:/a:debian:debian_linux:libwbclient0", "p-cpe:/a:debian:debian_linux:python-samba", "p-cpe:/a:debian:debian_linux:python3-samba", "p-cpe:/a:debian:debian_linux:registry-tools", "p-cpe:/a:debian:debian_linux:samba", "p-cpe:/a:debian:debian_linux:samba-common", "p-cpe:/a:debian:debian_linux:samba-common-bin", "p-cpe:/a:debian:debian_linux:samba-dev", "p-cpe:/a:debian:debian_linux:samba-dsdb-modules", "p-cpe:/a:debian:debian_linux:samba-libs", "p-cpe:/a:debian:debian_linux:samba-testsuite", "p-cpe:/a:debian:debian_linux:samba-vfs-modules", "p-cpe:/a:debian:debian_linux:smbclient", "p-cpe:/a:debian:debian_linux:winbind", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5071.NASL", "href": "https://www.tenable.com/plugins/nessus/157908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5071. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157908);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2020-25717\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Debian DSA-5071-1 : samba - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5071 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/samba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-25717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/samba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/samba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the samba packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'ctdb', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libnss-winbind', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libpam-winbind', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libparse-pidl-perl', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libsmbclient', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libsmbclient-dev', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libwbclient-dev', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'libwbclient0', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'python-samba', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'python3-samba', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'registry-tools', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-common', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-common-bin', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-dev', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-dsdb-modules', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-libs', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-testsuite', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'samba-vfs-modules', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'smbclient', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '10.0', 'prefix': 'winbind', 'reference': '2:4.9.5+dfsg-5+deb10u3'},\n {'release': '11.0', 'prefix': 'ctdb', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libnss-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libpam-winbind', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libparse-pidl-perl', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libsmbclient', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libsmbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libwbclient-dev', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'libwbclient0', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'python-samba', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'python3-samba', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'registry-tools', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-common', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-common-bin', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-dev', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-dsdb-modules', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-libs', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-testsuite', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'samba-vfs-modules', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'smbclient', 'reference': '2:4.13.13+dfsg-1~deb11u3'},\n {'release': '11.0', 'prefix': 'winbind', 'reference': '2:4.13.13+dfsg-1~deb11u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:46:05", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1666)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1666.NASL", "href": "https://www.tenable.com/plugins/nessus/160653", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160653);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1666)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1666\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c685ff0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.12-3.h11.eulerosv2r10\",\n \"libwbclient-4.11.12-3.h11.eulerosv2r10\",\n \"samba-4.11.12-3.h11.eulerosv2r10\",\n \"samba-client-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h11.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-clients-4.11.12-3.h11.eulerosv2r10\",\n \"samba-winbind-modules-4.11.12-3.h11.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:50:24", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - Potential security vulnerabilities have been identified in HPE SimpliVity Omnistack for Hyper-V. The vulnerabilities could be remotely exploited to allow code execution, information leak and impersonate arbitrary services. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-2038)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2038.NASL", "href": "https://www.tenable.com/plugins/nessus/163189", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163189);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-2038)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - Potential security vulnerabilities have been identified in HPE SimpliVity Omnistack for Hyper-V. The\n vulnerabilities could be remotely exploited to allow code execution, information leak and impersonate\n arbitrary services. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2038\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40fca7c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"samba-4.11.12-3.h11.eulerosv2r10\",\n \"samba-client-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h11.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h11.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:48:37", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - Potential security vulnerabilities have been identified in HPE SimpliVity Omnistack for Hyper-V. The vulnerabilities could be remotely exploited to allow code execution, information leak and impersonate arbitrary services. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-2066)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2066.NASL", "href": "https://www.tenable.com/plugins/nessus/163214", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163214);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-2066)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - Potential security vulnerabilities have been identified in HPE SimpliVity Omnistack for Hyper-V. The\n vulnerabilities could be remotely exploited to allow code execution, information leak and impersonate\n arbitrary services. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2066\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0af883a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"samba-4.11.12-3.h11.eulerosv2r10\",\n \"samba-client-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-4.11.12-3.h11.eulerosv2r10\",\n \"samba-common-tools-4.11.12-3.h11.eulerosv2r10\",\n \"samba-libs-4.11.12-3.h11.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:44:03", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2022-1614)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-1614.NASL", "href": "https://www.tenable.com/plugins/nessus/160592", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160592);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2022-1614)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1614\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?94fefb84\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h19.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h19.eulerosv2r9\",\n \"samba-4.11.6-6.h19.eulerosv2r9\",\n \"samba-client-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h19.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:44:26", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : samba (EulerOS-SA-2022-1638)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-1638.NASL", "href": "https://www.tenable.com/plugins/nessus/160638", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160638);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : samba (EulerOS-SA-2022-1638)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1638\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c177ecc2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h19.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h19.eulerosv2r9\",\n \"samba-4.11.6-6.h19.eulerosv2r9\",\n \"samba-client-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h19.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:42:38", "description": "According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1459)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1459.NASL", "href": "https://www.tenable.com/plugins/nessus/159779", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159779);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : samba (EulerOS-SA-2022-1459)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1459\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bea9cdc1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libsmbclient-4.11.6-6.h19.eulerosv2r9\",\n \"libwbclient-4.11.6-6.h19.eulerosv2r9\",\n \"samba-4.11.6-6.h19.eulerosv2r9\",\n \"samba-client-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-4.11.6-6.h19.eulerosv2r9\",\n \"samba-common-tools-4.11.6-6.h19.eulerosv2r9\",\n \"samba-libs-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-clients-4.11.6-6.h19.eulerosv2r9\",\n \"samba-winbind-modules-4.11.6-6.h19.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T18:56:16", "description": "According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : samba (EulerOS-SA-2022-2589)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43566", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ctdb", "p-cpe:/a:huawei:euleros:ctdb-tests", "p-cpe:/a:huawei:euleros:libsmbclient", "p-cpe:/a:huawei:euleros:libwbclient", "p-cpe:/a:huawei:euleros:python2-samba", "p-cpe:/a:huawei:euleros:python2-samba-test", "p-cpe:/a:huawei:euleros:python3-samba", "p-cpe:/a:huawei:euleros:python3-samba-test", "p-cpe:/a:huawei:euleros:samba", "p-cpe:/a:huawei:euleros:samba-client", "p-cpe:/a:huawei:euleros:samba-client-libs", "p-cpe:/a:huawei:euleros:samba-common", "p-cpe:/a:huawei:euleros:samba-common-libs", "p-cpe:/a:huawei:euleros:samba-common-tools", "p-cpe:/a:huawei:euleros:samba-dc-libs", "p-cpe:/a:huawei:euleros:samba-krb5-printing", "p-cpe:/a:huawei:euleros:samba-libs", "p-cpe:/a:huawei:euleros:samba-pidl", "p-cpe:/a:huawei:euleros:samba-test", "p-cpe:/a:huawei:euleros:samba-test-libs", "p-cpe:/a:huawei:euleros:samba-winbind", "p-cpe:/a:huawei:euleros:samba-winbind-clients", "p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator", "p-cpe:/a:huawei:euleros:samba-winbind-modules", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-2589.NASL", "href": "https://www.tenable.com/plugins/nessus/165938", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165938);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-43566\", \"CVE-2021-44142\", \"CVE-2022-0336\");\n script_xref(name:\"IAVA\", value:\"2022-A-0020-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : samba (EulerOS-SA-2022-2589)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to\n allow a directory to be created in an area of the server file system not exported under the share\n definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack\n to succeed. (CVE-2021-43566)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2589\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bc5bc7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected samba packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"ctdb-4.9.1-2.h37.eulerosv2r8\",\n \"ctdb-tests-4.9.1-2.h37.eulerosv2r8\",\n \"libsmbclient-4.9.1-2.h37.eulerosv2r8\",\n \"libwbclient-4.9.1-2.h37.eulerosv2r8\",\n \"python2-samba-4.9.1-2.h37.eulerosv2r8\",\n \"python2-samba-test-4.9.1-2.h37.eulerosv2r8\",\n \"python3-samba-4.9.1-2.h37.eulerosv2r8\",\n \"python3-samba-test-4.9.1-2.h37.eulerosv2r8\",\n \"samba-4.9.1-2.h37.eulerosv2r8\",\n \"samba-client-4.9.1-2.h37.eulerosv2r8\",\n \"samba-client-libs-4.9.1-2.h37.eulerosv2r8\",\n \"samba-common-4.9.1-2.h37.eulerosv2r8\",\n \"samba-common-libs-4.9.1-2.h37.eulerosv2r8\",\n \"samba-common-tools-4.9.1-2.h37.eulerosv2r8\",\n \"samba-dc-libs-4.9.1-2.h37.eulerosv2r8\",\n \"samba-krb5-printing-4.9.1-2.h37.eulerosv2r8\",\n \"samba-libs-4.9.1-2.h37.eulerosv2r8\",\n \"samba-pidl-4.9.1-2.h37.eulerosv2r8\",\n \"samba-test-4.9.1-2.h37.eulerosv2r8\",\n \"samba-test-libs-4.9.1-2.h37.eulerosv2r8\",\n \"samba-winbind-4.9.1-2.h37.eulerosv2r8\",\n \"samba-winbind-clients-4.9.1-2.h37.eulerosv2r8\",\n \"samba-winbind-krb5-locator-4.9.1-2.h37.eulerosv2r8\",\n \"samba-winbind-modules-4.9.1-2.h37.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"samba\");\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T19:03:46", "description": "The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-224 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : samba (ALAS2022-2022-224)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2124", "CVE-2020-25717", "CVE-2020-25718", "CVE-2020-25719", "CVE-2020-25721", "CVE-2020-25722", "CVE-2021-20316", "CVE-2021-23192", "CVE-2021-3738", "CVE-2021-44141", "CVE-2021-44142", "CVE-2022-0336"], "modified": "2023-02-03T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ctdb", "p-cpe:/a:amazon:linux:ctdb-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient", "p-cpe:/a:amazon:linux:libsmbclient-debuginfo", "p-cpe:/a:amazon:linux:libsmbclient-devel", "p-cpe:/a:amazon:linux:libwbclient", "p-cpe:/a:amazon:linux:libwbclient-debuginfo", "p-cpe:/a:amazon:linux:libwbclient-devel", "p-cpe:/a:amazon:linux:python3-samba", "p-cpe:/a:amazon:linux:python3-samba-dc", "p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-debuginfo", "p-cpe:/a:amazon:linux:python3-samba-devel", "p-cpe:/a:amazon:linux:python3-samba-test", "p-cpe:/a:amazon:linux:samba", "p-cpe:/a:amazon:linux:samba-client", "p-cpe:/a:amazon:linux:samba-client-debuginfo", "p-cpe:/a:amazon:linux:samba-client-libs", "p-cpe:/a:amazon:linux:samba-client-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common", "p-cpe:/a:amazon:linux:samba-common-libs", "p-cpe:/a:amazon:linux:samba-common-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-common-tools", "p-cpe:/a:amazon:linux:samba-common-tools-debuginfo", "p-cpe:/a:amazon:linux:samba-dc", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz", "p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-libs", "p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-dc-provision", "p-cpe:/a:amazon:linux:samba-debuginfo", "p-cpe:/a:amazon:linux:samba-debugsource", "p-cpe:/a:amazon:linux:samba-devel", "p-cpe:/a:amazon:linux:samba-krb5-printing", "p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo", "p-cpe:/a:amazon:linux:samba-libs", "p-cpe:/a:amazon:linux:samba-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-pidl", "p-cpe:/a:amazon:linux:samba-test", "p-cpe:/a:amazon:linux:samba-test-debuginfo", "p-cpe:/a:amazon:linux:samba-test-libs", "p-cpe:/a:amazon:linux:samba-test-libs-debuginfo", "p-cpe:/a:amazon:linux:samba-vfs-iouring", "p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind", "p-cpe:/a:amazon:linux:samba-winbind-clients", "p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator", "p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo", "p-cpe:/a:amazon:linux:samba-winbind-modules", "p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-224.NASL", "href": "https://www.tenable.com/plugins/nessus/168583", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-224.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168583);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2016-2124\",\n \"CVE-2020-25717\",\n \"CVE-2020-25718\",\n \"CVE-2020-25719\",\n \"CVE-2020-25721\",\n \"CVE-2020-25722\",\n \"CVE-2021-3738\",\n \"CVE-2021-20316\",\n \"CVE-2021-23192\",\n \"CVE-2021-44141\",\n \"CVE-2021-44142\",\n \"CVE-2022-0336\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0554-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Amazon Linux 2022 : samba (ALAS2022-2022-224)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2022-2022-224 advisory.\n\n - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to\n retrieve the plaintext password sent over the wire even if Kerberos authentication was required.\n (CVE-2016-2124)\n\n - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use\n this flaw to cause possible privilege escalation. (CVE-2020-25717)\n\n - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC\n (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)\n\n - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-\n based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did\n not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total\n domain compromise. (CVE-2020-25719)\n\n - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now\n provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.\n (CVE-2020-25721)\n\n - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored\n data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)\n\n - A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated\n attacker with permissions to read or modify share metadata, to perform this operation outside of the\n share. (CVE-2021-20316)\n\n - A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large\n DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data,\n bypassing the signature requirements. (CVE-2021-23192)\n\n - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections\n via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb\n database. However while the database was correctly shared, the user credentials state was only pointed at,\n and when one connection within that association group ended, the database would be left pointing at an\n invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-\n after-free could instead allow different user state to be pointed at and this might allow more privileged\n access. (CVE-2021-3738)\n\n - All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to\n determine if a file or directory exists in an area of the server file system not exported under the share\n definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.\n (CVE-2021-44141)\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\n - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that\n SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an\n account modification re-adds an SPN that was previously present on that account, such as one added when a\n computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to\n perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an\n attacker who can intercept traffic can impersonate existing services, resulting in a loss of\n confidentiality and integrity. (CVE-2022-0336)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-224.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2016-2124.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25717.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25718.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25722.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-20316.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-23192.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3738.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44141.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44142.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0336.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update samba' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0336\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ctdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-client-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-common-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-bind-dlz-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-dc-provision\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-test-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-bind-dlz-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-provision-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debugsource-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.16.2-0.amzn2022.0.2', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-debuginfo-4.16.2-0.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ctdb / ctdb-debuginfo / libsmbclient / etc\");\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-24T00:23:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0328 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 7 : samba (RHSA-2022:0328)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-dc", "p-cpe:/a:redhat:enterprise_linux:samba-dc-libs", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-python", "p-cpe:/a:redhat:enterprise_linux:samba-python-test", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2022-0328.NASL", "href": "https://www.tenable.com/plugins/nessus/157265", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0328. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157265);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0328\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 7 : samba (RHSA-2022:0328)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0328 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-glusterfs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-18.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-24T00:22:45", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0331 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:0331)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:samba-winexe"], "id": "REDHAT-RHSA-2022-0331.NASL", "href": "https://www.tenable.com/plugins/nessus/157269", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0331. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157269);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0331\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:0331)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0331 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winexe\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.13.3-9.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.13.3-9.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-02T14:50:00", "description": "The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5260-2 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Samba vulnerability (USN-5260-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:ctdb", "p-cpe:/a:canonical:ubuntu_linux:libnss-winbind", "p-cpe:/a:canonical:ubuntu_linux:libpam-winbind", "p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient", "p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libwbclient0", "p-cpe:/a:canonical:ubuntu_linux:python-samba", "p-cpe:/a:canonical:ubuntu_linux:registry-tools", "p-cpe:/a:canonical:ubuntu_linux:samba", "p-cpe:/a:canonical:ubuntu_linux:samba-common", "p-cpe:/a:canonical:ubuntu_linux:samba-common-bin", "p-cpe:/a:canonical:ubuntu_linux:samba-dev", "p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules", "p-cpe:/a:canonical:ubuntu_linux:samba-libs", "p-cpe:/a:canonical:ubuntu_linux:samba-testsuite", "p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules", "p-cpe:/a:canonical:ubuntu_linux:smbclient", "p-cpe:/a:canonical:ubuntu_linux:winbind"], "id": "UBUNTU_USN-5260-2.NASL", "href": "https://www.tenable.com/plugins/nessus/157287", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5260-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157287);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"USN\", value:\"5260-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Samba vulnerability (USN-5260-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the\nUSN-5260-2 advisory.\n\n - The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide ...enhanced compatibility\n with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver. Samba versions prior to\n 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via\n specially crafted extended file attributes. A remote attacker with write access to extended file\n attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5260-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpam-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libparse-pidl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:registry-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-common-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-dsdb-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:samba-vfs-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:smbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:winbind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'ctdb', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libnss-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libpam-winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libparse-pidl-perl', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libsmbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libsmbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libwbclient-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'libwbclient0', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'python-samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'registry-tools', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-common', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-common-bin', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-dev', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-dsdb-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-libs', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-testsuite', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'samba-vfs-modules', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'smbclient', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'},\n {'osver': '18.04', 'pkgname': 'winbind', 'pkgver': '2:4.7.6+dfsg~ubuntu-0ubuntu2.28'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libnss-winbind / libpam-winbind / libparse-pidl-perl / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:55:13", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0330 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:0330)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2022-0330.NASL", "href": "https://www.tenable.com/plugins/nessus/157270", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0330. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157270);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0330\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:0330)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0330 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.11.2-19.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:55:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:0252-1 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : samba (SUSE-SU-2022:0252-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2022-11-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libdcerpc-binding0", "p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit", "p-cpe:/a:novell:suse_linux:libdcerpc0", "p-cpe:/a:novell:suse_linux:libdcerpc0-32bit", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0", "p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit", "p-cpe:/a:novell:suse_linux:libndr-nbt0", "p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit", "p-cpe:/a:novell:suse_linux:libndr-standard0", "p-cpe:/a:novell:suse_linux:libndr-standard0-32bit", "p-cpe:/a:novell:suse_linux:libndr0", "p-cpe:/a:novell:suse_linux:libndr0-32bit", "p-cpe:/a:novell:suse_linux:libnetapi0", "p-cpe:/a:novell:suse_linux:libnetapi0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-credentials0", "p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-errors0", "p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0", "p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-passdb0", "p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit", "p-cpe:/a:novell:suse_linux:libsamba-util0", "p-cpe:/a:novell:suse_linux:libsamba-util0-32bit", "p-cpe:/a:novell:suse_linux:libsamdb0", "p-cpe:/a:novell:suse_linux:libsamdb0-32bit", "p-cpe:/a:novell:suse_linux:libsmbclient0", "p-cpe:/a:novell:suse_linux:libsmbclient0-32bit", "p-cpe:/a:novell:suse_linux:libsmbconf0", "p-cpe:/a:novell:suse_linux:libsmbconf0-32bit", "p-cpe:/a:novell:suse_linux:libsmbldap0", "p-cpe:/a:novell:suse_linux:libsmbldap0-32bit", "p-cpe:/a:novell:suse_linux:libtevent-util0", "p-cpe:/a:novell:suse_linux:libtevent-util0-32bit", "p-cpe:/a:novell:suse_linux:libwbclient0", "p-cpe:/a:novell:suse_linux:libwbclient0-32bit", "p-cpe:/a:novell:suse_linux:samba", "p-cpe:/a:novell:suse_linux:samba-client", "p-cpe:/a:novell:suse_linux:samba-client-32bit", "p-cpe:/a:novell:suse_linux:samba-doc", "p-cpe:/a:novell:suse_linux:samba-libs", "p-cpe:/a:novell:suse_linux:samba-libs-32bit", "p-cpe:/a:novell:suse_linux:samba-winbind", "p-cpe:/a:novell:suse_linux:samba-winbind-32bit", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0252-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157273", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0252-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157273);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0252-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : samba (SUSE-SU-2022:0252-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2022:0252-1 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194859\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010150.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34258dcb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc-binding0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdcerpc0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-krb5pac0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-nbt0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr-standard0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libndr0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libnetapi0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-credentials0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-errors0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-hostconfig0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-passdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamba-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsamdb0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmbldap0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libtevent-util0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libwbclient0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-client-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:samba-winbind-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libdcerpc-binding0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libdcerpc-binding0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libdcerpc0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libdcerpc0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-krb5pac0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-krb5pac0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-nbt0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-nbt0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-standard0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr-standard0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libndr0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libnetapi0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libnetapi0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-credentials0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-credentials0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-errors0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-errors0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-hostconfig0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-hostconfig0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-passdb0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-passdb0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-util0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamba-util0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamdb0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsamdb0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbclient0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbclient0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbconf0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbconf0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbldap0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libsmbldap0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libtevent-util0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libtevent-util0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libwbclient0-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libwbclient0-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-client-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-client-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-doc-4.4.2-38.48.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-libs-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-libs-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-winbind-32bit-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'samba-winbind-4.4.2-38.48.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libdcerpc-binding0 / libdcerpc-binding0-32bit / libdcerpc0 / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:53:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0329 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:0329)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:ctdb-tests", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules"], "id": "REDHAT-RHSA-2022-0329.NASL", "href": "https://www.tenable.com/plugins/nessus/157268", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0329. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157268);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0329\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:0329)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0329 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.4-103.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.4-103.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.4-103.el8_1', 'sp':'1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.4-103.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / libwbclient / python3-samba / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:54:00", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0328 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : samba (ELSA-2022-0328)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:ctdb", "p-cpe:/a:oracle:linux:ctdb-tests", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:libwbclient", "p-cpe:/a:oracle:linux:libwbclient-devel", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-client-libs", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-common-libs", "p-cpe:/a:oracle:linux:samba-common-tools", "p-cpe:/a:oracle:linux:samba-dc", "p-cpe:/a:oracle:linux:samba-dc-libs", "p-cpe:/a:oracle:linux:samba-devel", "p-cpe:/a:oracle:linux:samba-krb5-printing", "p-cpe:/a:oracle:linux:samba-libs", "p-cpe:/a:oracle:linux:samba-pidl", "p-cpe:/a:oracle:linux:samba-python", "p-cpe:/a:oracle:linux:samba-python-test", "p-cpe:/a:oracle:linux:samba-test", "p-cpe:/a:oracle:linux:samba-test-libs", "p-cpe:/a:oracle:linux:samba-vfs-glusterfs", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-winbind-modules"], "id": "ORACLELINUX_ELSA-2022-0328.NASL", "href": "https://www.tenable.com/plugins/nessus/157274", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0328.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157274);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Oracle Linux 7 : samba (ELSA-2022-0328)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0328 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0328.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-18.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-glusterfs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:54:39", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:0328-1 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-31T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2022:0328)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2022-11-28T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:ctdb", "p-cpe:/a:fermilab:scientific_linux:ctdb-tests", "p-cpe:/a:fermilab:scientific_linux:libsmbclient", "p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel", "p-cpe:/a:fermilab:scientific_linux:libwbclient", "p-cpe:/a:fermilab:scientific_linux:libwbclient-devel", "p-cpe:/a:fermilab:scientific_linux:samba", "p-cpe:/a:fermilab:scientific_linux:samba-client", "p-cpe:/a:fermilab:scientific_linux:samba-client-libs", "p-cpe:/a:fermilab:scientific_linux:samba-common", "p-cpe:/a:fermilab:scientific_linux:samba-common-libs", "p-cpe:/a:fermilab:scientific_linux:samba-common-tools", "p-cpe:/a:fermilab:scientific_linux:samba-dc", "p-cpe:/a:fermilab:scientific_linux:samba-dc-libs", "p-cpe:/a:fermilab:scientific_linux:samba-debuginfo", "p-cpe:/a:fermilab:scientific_linux:samba-devel", "p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing", "p-cpe:/a:fermilab:scientific_linux:samba-libs", "p-cpe:/a:fermilab:scientific_linux:samba-pidl", "p-cpe:/a:fermilab:scientific_linux:samba-python", "p-cpe:/a:fermilab:scientific_linux:samba-python-test", "p-cpe:/a:fermilab:scientific_linux:samba-test", "p-cpe:/a:fermilab:scientific_linux:samba-test-libs", "p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs", "p-cpe:/a:fermilab:scientific_linux:samba-winbind", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator", "p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules"], "id": "SL_20220131_SAMBA_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/157247", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157247);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"RHSA-2022:0328\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2022:0328)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2022:0328-1 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20220328-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ctdb-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-dc-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-vfs-glusterfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-tests-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.10.16-18.el7_9', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-dc-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-debuginfo-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.10.16-18.el7_9', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-python-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-glusterfs-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'cpu':'i686', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.10.16-18.el7_9', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / ctdb-tests / libsmbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:53:59", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0332 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "RHEL 8 : samba (RHSA-2022:0332)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:ctdb", "p-cpe:/a:redhat:enterprise_linux:libsmbclient", "p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel", "p-cpe:/a:redhat:enterprise_linux:libwbclient", "p-cpe:/a:redhat:enterprise_linux:libwbclient-devel", "p-cpe:/a:redhat:enterprise_linux:python3-samba", "p-cpe:/a:redhat:enterprise_linux:python3-samba-test", "p-cpe:/a:redhat:enterprise_linux:samba", "p-cpe:/a:redhat:enterprise_linux:samba-client", "p-cpe:/a:redhat:enterprise_linux:samba-client-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common", "p-cpe:/a:redhat:enterprise_linux:samba-common-libs", "p-cpe:/a:redhat:enterprise_linux:samba-common-tools", "p-cpe:/a:redhat:enterprise_linux:samba-devel", "p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing", "p-cpe:/a:redhat:enterprise_linux:samba-libs", "p-cpe:/a:redhat:enterprise_linux:samba-pidl", "p-cpe:/a:redhat:enterprise_linux:samba-test", "p-cpe:/a:redhat:enterprise_linux:samba-test-libs", "p-cpe:/a:redhat:enterprise_linux:samba-vfs-iouring", "p-cpe:/a:redhat:enterprise_linux:samba-winbind", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator", "p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules", "p-cpe:/a:redhat:enterprise_linux:samba-winexe"], "id": "REDHAT-RHSA-2022-0332.NASL", "href": "https://www.tenable.com/plugins/nessus/157285", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0332. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157285);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0332\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"RHEL 8 : samba (RHSA-2022:0332)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0332 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0332\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2046146\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:samba-winexe\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.14.5-9.el8_5', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.14.5-9.el8_5', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ctdb-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / libwbclient / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:56:29", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0332 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : samba (ELSA-2022-0332)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2022-11-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:ctdb", "p-cpe:/a:oracle:linux:libsmbclient", "p-cpe:/a:oracle:linux:libsmbclient-devel", "p-cpe:/a:oracle:linux:libwbclient", "p-cpe:/a:oracle:linux:libwbclient-devel", "p-cpe:/a:oracle:linux:python3-samba", "p-cpe:/a:oracle:linux:python3-samba-test", "p-cpe:/a:oracle:linux:samba", "p-cpe:/a:oracle:linux:samba-client", "p-cpe:/a:oracle:linux:samba-client-libs", "p-cpe:/a:oracle:linux:samba-common", "p-cpe:/a:oracle:linux:samba-common-libs", "p-cpe:/a:oracle:linux:samba-common-tools", "p-cpe:/a:oracle:linux:samba-devel", "p-cpe:/a:oracle:linux:samba-krb5-printing", "p-cpe:/a:oracle:linux:samba-libs", "p-cpe:/a:oracle:linux:samba-pidl", "p-cpe:/a:oracle:linux:samba-test", "p-cpe:/a:oracle:linux:samba-test-libs", "p-cpe:/a:oracle:linux:samba-vfs-iouring", "p-cpe:/a:oracle:linux:samba-winbind", "p-cpe:/a:oracle:linux:samba-winbind-clients", "p-cpe:/a:oracle:linux:samba-winbind-krb5-locator", "p-cpe:/a:oracle:linux:samba-winbind-modules", "p-cpe:/a:oracle:linux:samba-winexe"], "id": "ORACLELINUX_ELSA-2022-0332.NASL", "href": "https://www.tenable.com/plugins/nessus/157277", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0332.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157277);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/08\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"Oracle Linux 8 : samba (ELSA-2022-0332)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0332 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution\n (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0332.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44142\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ctdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsmbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libwbclient-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-client-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-common-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-krb5-printing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-pidl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-test-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-vfs-iouring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-krb5-locator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winbind-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:samba-winexe\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'ctdb-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ctdb-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmbclient-devel-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libwbclient-devel-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-samba-test-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-client-libs-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-libs-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-common-tools-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-devel-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-krb5-printing-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-libs-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-pidl-4.14.5-9.el8_5', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-test-libs-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-vfs-iouring-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-clients-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-krb5-locator-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.14.5-9.el8_5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.14.5-9.el8_5', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winbind-modules-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'samba-winexe-4.14.5-9.el8_5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ctdb / libsmbclient / libsmbclient-devel / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-03T14:55:13", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:0328 advisory.\n\n - samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution (CVE-2021-44142)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-01T00:00:00", "type": "nessus", "title": "CentOS 7 : samba (CESA-2022:0328)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44142"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ctdb", "p-cpe:/a:centos:centos:ctdb-tests", "p-cpe:/a:centos:centos:libsmbclient", "p-cpe:/a:centos:centos:libsmbclient-devel", "p-cpe:/a:centos:centos:libwbclient", "p-cpe:/a:centos:centos:libwbclient-devel", "p-cpe:/a:centos:centos:samba", "p-cpe:/a:centos:centos:samba-client", "p-cpe:/a:centos:centos:samba-client-libs", "p-cpe:/a:centos:centos:samba-common", "p-cpe:/a:centos:centos:samba-common-libs", "p-cpe:/a:centos:centos:samba-common-tools", "p-cpe:/a:centos:centos:samba-dc", "p-cpe:/a:centos:centos:samba-dc-libs", "p-cpe:/a:centos:centos:samba-devel", "p-cpe:/a:centos:centos:samba-krb5-printing", "p-cpe:/a:centos:centos:samba-libs", "p-cpe:/a:centos:centos:samba-pidl", "p-cpe:/a:centos:centos:samba-python", "p-cpe:/a:centos:centos:samba-python-test", "p-cpe:/a:centos:centos:samba-test", "p-cpe:/a:centos:centos:samba-test-libs", "p-cpe:/a:centos:centos:samba-vfs-glusterfs", "p-cpe:/a:centos:centos:samba-winbind", "p-cpe:/a:centos:centos:samba-winbind-clients", "p-cpe:/a:centos:centos:samba-winbind-krb5-locator", "p-cpe:/a:centos:centos:samba-winbind-modules", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2022-0328.NASL", "href": "https://www.tenable.com/plugins/nessus/157294", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0328 and\n# CentOS Errata and Security Advisory 2022:0328 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157294);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\"CVE-2021-44142\");\n script_xref(name:\"RHSA\", value:\"2022:0328\");\n script_xref(name:\"IAVA\", value:\"2022-A-0054-S\");\n\n script_name(english:\"CentOS 7 : samba (CESA-2022:0328)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affecte
Updated samba packages fix security vulnerability
