It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-032 advisory.
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124)
<p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p> (CVE-2020-17049)
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. (CVE-2021-20316)
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. (CVE-2021-43566)
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
(CVE-2021-44141)
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. (CVE-2022-0336)
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742)
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. (CVE-2022-32743)
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make ‘smbd’ escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the ‘smbd’ configured share path and gain access to another restricted server’s filesystem.
(CVE-2022-3592)
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)
Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)
Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts- hmac-sha1-96). (CVE-2022-45141)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-032.
##
include('compat.inc');
if (description)
{
script_id(173148);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");
script_cve_id(
"CVE-2016-2124",
"CVE-2020-17049",
"CVE-2021-20316",
"CVE-2021-43566",
"CVE-2021-44141",
"CVE-2022-0336",
"CVE-2022-1615",
"CVE-2022-3437",
"CVE-2022-3592",
"CVE-2022-32742",
"CVE-2022-32743",
"CVE-2022-32746",
"CVE-2022-37966",
"CVE-2022-37967",
"CVE-2022-38023",
"CVE-2022-45141"
);
script_xref(name:"IAVA", value:"2022-A-0447-S");
script_xref(name:"IAVA", value:"2022-A-0020-S");
script_xref(name:"IAVA", value:"2022-A-0054-S");
script_xref(name:"IAVA", value:"2022-A-0299-S");
script_xref(name:"IAVA", value:"2023-A-0004-S");
script_name(english:"Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-032)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-032 advisory.
- A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to
retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
(CVE-2016-2124)
- <p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a
service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the
vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that
is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability
by changing how the KDC validates service tickets used with KCD.</p> (CVE-2020-17049)
- A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated
attacker with permissions to read or modify share metadata, to perform this operation outside of the
share. (CVE-2021-20316)
- All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to
allow a directory to be created in an area of the server file system not exported under the share
definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack
to succeed. (CVE-2021-43566)
- All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to
determine if a file or directory exists in an area of the server file system not exported under the share
definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.
(CVE-2021-44141)
- The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that
SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an
account modification re-adds an SPN that was previously present on that account, such as one added when a
computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to
perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an
attacker who can intercept traffic can impersonate existing services, resulting in a loss of
confidentiality and integrity. (CVE-2022-0336)
- In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615)
- A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client
had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or
printer) instead of client-supplied data. The client cannot control the area of the server memory written
to the file (or printer). (CVE-2022-32742)
- Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit
unprivileged users to write it. (CVE-2022-32743)
- A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP
message values freed by a preceding database module, resulting in a use-after-free issue. This issue is
only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746)
- A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and
unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI
library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a
maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)
- A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will
make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported
part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside
the 'smbd' configured share path and gain access to another restricted server's filesystem.
(CVE-2022-3592)
- Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability (CVE-2022-37966)
- Windows Kerberos Elevation of Privilege Vulnerability (CVE-2022-37967)
- Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)
- Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov
8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will
issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-
hmac-sha1-96). (CVE-2022-45141)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-032.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2016-2124.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-17049.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-20316.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-43566.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-44141.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-0336.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-1615.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3437.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-3592.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-32742.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-32743.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-32746.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-37966.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-37967.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-38023.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-45141.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update samba --releasever=2023.0.20230222 ' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17049");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-45141");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/10");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libnetapi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libnetapi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libnetapi-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-samba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-samba-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-samba-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-dc-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-dc-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-dcerpc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-dcerpc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-krb5-printing");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-krb5-printing-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-ldb-ldap-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-ldb-ldap-modules-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-pidl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-usershares");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-vfs-iouring");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-vfs-iouring-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-clients-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-modules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-modules-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'libnetapi-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnetapi-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnetapi-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnetapi-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnetapi-devel-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libnetapi-devel-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-devel-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libsmbclient-devel-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-devel-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libwbclient-devel-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-devel-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-devel-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-test-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-samba-test-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-libs-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-libs-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-client-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-4.17.5-0.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-libs-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-libs-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-tools-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-tools-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-common-tools-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dc-libs-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dc-libs-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dc-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dcerpc-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dcerpc-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-dcerpc-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-debugsource-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-debugsource-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-devel-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-devel-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-krb5-printing-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-krb5-printing-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-krb5-printing-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-ldb-ldap-modules-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-ldb-ldap-modules-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-libs-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-libs-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-pidl-4.17.5-0.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-libs-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-libs-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-test-libs-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-usershares-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-usershares-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-vfs-iouring-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-vfs-iouring-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-vfs-iouring-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-clients-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-clients-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-clients-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-krb5-locator-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-krb5-locator-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-modules-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-modules-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'samba-winbind-modules-debuginfo-4.17.5-0.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnetapi / libnetapi-debuginfo / libnetapi-devel / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
amazon | linux | libnetapi | p-cpe:/a:amazon:linux:libnetapi |
amazon | linux | libnetapi-debuginfo | p-cpe:/a:amazon:linux:libnetapi-debuginfo |
amazon | linux | libnetapi-devel | p-cpe:/a:amazon:linux:libnetapi-devel |
amazon | linux | libsmbclient | p-cpe:/a:amazon:linux:libsmbclient |
amazon | linux | libsmbclient-debuginfo | p-cpe:/a:amazon:linux:libsmbclient-debuginfo |
amazon | linux | libsmbclient-devel | p-cpe:/a:amazon:linux:libsmbclient-devel |
amazon | linux | libwbclient | p-cpe:/a:amazon:linux:libwbclient |
amazon | linux | libwbclient-debuginfo | p-cpe:/a:amazon:linux:libwbclient-debuginfo |
amazon | linux | libwbclient-devel | p-cpe:/a:amazon:linux:libwbclient-devel |
amazon | linux | python3-samba | p-cpe:/a:amazon:linux:python3-samba |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20316
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1615
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3592
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45141
alas.aws.amazon.com/AL2023/ALAS-2023-032.html
alas.aws.amazon.com/cve/html/CVE-2016-2124.html
alas.aws.amazon.com/cve/html/CVE-2020-17049.html
alas.aws.amazon.com/cve/html/CVE-2021-20316.html
alas.aws.amazon.com/cve/html/CVE-2021-43566.html
alas.aws.amazon.com/cve/html/CVE-2021-44141.html
alas.aws.amazon.com/cve/html/CVE-2022-0336.html
alas.aws.amazon.com/cve/html/CVE-2022-1615.html
alas.aws.amazon.com/cve/html/CVE-2022-32742.html
alas.aws.amazon.com/cve/html/CVE-2022-32743.html
alas.aws.amazon.com/cve/html/CVE-2022-32746.html
alas.aws.amazon.com/cve/html/CVE-2022-3437.html
alas.aws.amazon.com/cve/html/CVE-2022-3592.html
alas.aws.amazon.com/cve/html/CVE-2022-37966.html
alas.aws.amazon.com/cve/html/CVE-2022-37967.html
alas.aws.amazon.com/cve/html/CVE-2022-38023.html
alas.aws.amazon.com/cve/html/CVE-2022-45141.html
alas.aws.amazon.com/faqs.html