Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2017-834.NASL
HistoryJun 01, 2017 - 12:00 a.m.

Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry)

2017-06-0100:00:00
This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41
JSON

A remote code execution flaw was found in Samba. A malicious authenticated

samba client, having write access to the samba share, could use this flaw to

execute arbitrary code as root. (CVE-2017-7494)

It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions.
(CVE-2017-2619)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-834.
#

include('compat.inc');

if (description)
{
  script_id(100554);
  script_version("3.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/30");

  script_cve_id(
    "CVE-2016-2125",
    "CVE-2016-2126",
    "CVE-2017-2619",
    "CVE-2017-7494"
  );
  script_xref(name:"ALAS", value:"2017-834");
  script_xref(name:"RHSA", value:"2017:1270");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/04/20");

  script_name(english:"Amazon Linux AMI : samba (ALAS-2017-834) (SambaCry)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A remote code execution flaw was found in Samba. A malicious
authenticated

samba client, having write access to the samba share, could use this
flaw to

execute arbitrary code as root. (CVE-2017-7494)

It was found that Samba always requested forwardable tickets when
using Kerberos authentication. A service to which Samba authenticated
using Kerberos could subsequently use the ticket to impersonate Samba
to other services or domain users. (CVE-2016-2125)

A flaw was found in the way Samba handled PAC (Privilege Attribute
Certificate) checksums. A remote, authenticated attacker could use
this flaw to crash the winbindd process. (CVE-2016-2126)

A race condition was found in samba server. A malicious samba client
could use this flaw to access files and directories, in areas of the
server file system not exported under the share definitions.
(CVE-2017-2619)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2017-834.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update samba' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba is_known_pipename() Arbitrary Module Load');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ctdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ctdb-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libsmbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libwbclient-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-client-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-common-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-krb5-printing");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-pidl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-test-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-krb5-locator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:samba-winbind-modules");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"ctdb-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ctdb-tests-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libsmbclient-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libsmbclient-devel-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libwbclient-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libwbclient-devel-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-client-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-client-libs-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-common-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-common-libs-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-common-tools-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-debuginfo-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-devel-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-krb5-printing-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-libs-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-pidl-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-python-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-test-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-test-libs-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-winbind-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-winbind-clients-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-winbind-krb5-locator-4.4.4-13.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"samba-winbind-modules-4.4.4-13.35.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ctdb / ctdb-tests / libsmbclient / libsmbclient-devel / libwbclient / etc");
}
VendorProductVersionCPE
amazonlinuxctdbp-cpe:/a:amazon:linux:ctdb
amazonlinuxctdb-testsp-cpe:/a:amazon:linux:ctdb-tests
amazonlinuxlibsmbclientp-cpe:/a:amazon:linux:libsmbclient
amazonlinuxlibsmbclient-develp-cpe:/a:amazon:linux:libsmbclient-devel
amazonlinuxlibwbclientp-cpe:/a:amazon:linux:libwbclient
amazonlinuxlibwbclient-develp-cpe:/a:amazon:linux:libwbclient-devel
amazonlinuxsambap-cpe:/a:amazon:linux:samba
amazonlinuxsamba-clientp-cpe:/a:amazon:linux:samba-client
amazonlinuxsamba-client-libsp-cpe:/a:amazon:linux:samba-client-libs
amazonlinuxsamba-commonp-cpe:/a:amazon:linux:samba-common
Rows per page:
1-10 of 251

Related

nessus 62
openvas 28
amazon 1
redhat 5
oraclelinux 4
centos 3
mageia 2
ibm 10
fedora 6
altlinux 10
slackware 3
archlinux 2
freebsd 2
ubuntu 3
osv 7
debian 8
prion 3
ubuntucve 3
samba 3
debiancve 3
cve 3
veracode 4
alpinelinux 3
zdt 1
suse 9
checkpoint_advisories 2
redhatcve 2
f5 2
thn 2
myhack58 2
saint 1
nessus
nessus
EulerOS 2.0 SP1 : samba (EulerOS-SA-2017-1104)
2017-06-09 00:00:00
EulerOS 2.0 SP2 : samba (EulerOS-SA-2017-1105)
2017-06-09 00:00:00
CentOS 7 : samba (CESA-2017:1265)
2017-05-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2017-1105)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2017-1104)
2020-01-23 00:00:00
CentOS Update for ctdb CESA-2017:1265 centos7
2017-05-23 00:00:00
amazon
amazon
Important: samba
2017-05-30 23:54:00
redhat
redhat
(RHSA-2017:1265) Moderate: samba security and bug fix update
2017-05-22 09:06:50
(RHSA-2017:0744) Moderate: samba4 security and bug fix update
2017-03-21 06:17:49
(RHSA-2017:0662) Moderate: samba security and bug fix update
2017-03-21 06:17:45
oraclelinux
oraclelinux
samba security and bug fix update
2017-05-22 00:00:00
samba security and bug fix update
2017-03-27 00:00:00
samba4 security and bug fix update
2017-03-27 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2017-05-22 16:26:22
libsmbclient, samba security update
2017-03-24 15:43:17
samba4 security update
2017-03-24 15:43:22
mageia
mageia
Updated samba packages fix security vulnerability
2017-05-25 17:37:42
Updated samba packages fix security vulnerability
2016-12-30 18:00:01
ibm
ibm
Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2125, CVE-2016-2126)
2018-06-18 00:32:38
Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2016-2125, CVE-2016-2126 )
2018-06-18 00:32:38
Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125)
2018-08-01 19:05:46
fedora
fedora
[SECURITY] Fedora 25 Update: samba-4.5.3-0.fc25
2016-12-22 16:51:05
[SECURITY] Fedora 24 Update: samba-4.4.9-0.fc24
2017-01-09 01:25:50
[SECURITY] Fedora 24 Update: samba-4.4.13-1.fc24
2017-04-15 22:49:44
altlinux
altlinux
Security fix for the ALT Linux 7 package samba-DC version 4.5.3-alt1.M70P.1
2016-12-19 00:00:00
Security fix for the ALT Linux 10 package samba version 4.5.3-alt1.S1
2016-12-19 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.5.3-alt1
2016-12-19 00:00:00
slackware
slackware
[slackware-security] samba
2016-12-28 21:10:14
[slackware-security] samba
2017-04-01 05:21:31
[slackware-security] samba
2017-03-24 05:44:58
archlinux
archlinux
[ASA-201612-19] samba: multiple issues
2016-12-22 00:00:00
[ASA-201705-22] samba: arbitrary code execution
2017-05-30 00:00:00
freebsd
freebsd
samba -- multiple vulnerabilities
2016-12-19 00:00:00
samba -- symlink race allows access outside share definition
2017-03-23 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2016-12-19 00:00:00
Samba vulnerability
2017-03-23 00:00:00
Samba vulnerability
2017-04-25 00:00:00
osv
osv
samba - security update
2016-12-19 00:00:00
samba - security update
2017-01-02 00:00:00
CVE-2016-2125
2018-10-31 20:29:00
debian
debian
[SECURITY] [DSA 3740-1] samba security update
2016-12-19 10:16:48
[SECURITY] [DSA 3740-1] samba security update
2016-12-19 10:16:48
[SECURITY] [DLA 776-1] samba security update
2017-01-02 18:57:35
prion
prion
Authentication flaw
2018-10-31 20:29:00
Design/Logic Flaw
2018-03-12 15:29:00
Privilege escalation
2017-05-11 14:29:00
ubuntucve
ubuntucve
CVE-2016-2125
2016-12-19 00:00:00
CVE-2017-2619
2017-03-23 00:00:00
CVE-2016-2126
2016-12-19 00:00:00
samba
samba
Unconditional privilege delegation to Kerberos servers in trusted realms
2016-12-19 00:00:00
Symlink race allows access outside share definition.
2017-03-23 00:00:00
Flaws in Kerberos PAC validation can trigger privilege elevation.
2016-12-19 00:00:00
debiancve
debiancve
CVE-2016-2125
2018-10-31 20:29:00
CVE-2017-2619
2018-03-12 15:29:00
CVE-2016-2126
2017-05-11 14:29:00
cve
cve
CVE-2016-2125
2018-10-31 20:29:00
CVE-2017-2619
2018-03-12 15:29:00
CVE-2016-2126
2017-05-11 14:29:00
veracode
veracode
Spoofing And Impersonation
2019-01-15 09:16:14
Remote Code Execution (RCE)
2019-01-15 09:18:59
Privilege Escalation
2019-05-02 05:51:55
alpinelinux
alpinelinux
CVE-2016-2125
2018-10-31 20:29:00
CVE-2017-2619
2018-03-12 15:29:00
CVE-2016-2126
2017-05-11 14:29:00
zdt
zdt
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Vulnerability
2017-03-28 00:00:00
suse
suse
Security update for samba (important)
2017-03-29 21:08:41
Security update for samba (important)
2017-04-05 18:23:27
Security update for samba (important)
2017-03-28 21:09:41
checkpoint_advisories
checkpoint_advisories
Samba Symlink Unauthorized File Access (CVE-2017-2619)
2017-06-29 00:00:00
Linux EternalRed Samba Remote Code Execution (CVE-2017-7494)
2017-05-25 00:00:00
redhatcve
redhatcve
CVE-2017-2619
2017-03-23 09:48:01
CVE-2016-2126
2019-10-11 15:33:40
f5
f5
K20722197 : Samba vulnerability CVE-2017-2619
2018-03-20 00:00:00
K03644631 : Samba vulnerability CVE-2016-2126
2017-04-11 00:00:00
thn
thn
CowerSnail — Windows Backdoor from the Creators of SambaCry Linux Malware
2017-07-27 00:40:00
Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
2017-06-10 01:16:00
myhack58
myhack58
SambaCry exploit analysis-exploit warning-the black bar safety net
2017-06-13 00:00:00
Vulnerability warning|Samba remote code execution vulnerability, affecting 7 years ago version-bug warning-the black bar safety net
2017-05-25 00:00:00
saint
saint
Samba shared library upload and execution
2017-06-08 00:00:00
JSON
Related for ALA_ALAS-2017-834.NASL
nessus62openvas28amazon1redhat5oraclelinux4centos3mageia2ibm10fedora6altlinux10slackware3archlinux2freebsd2ubuntu3osv7debian8prion3ubuntucve3samba3debiancve3cve3veracode4alpinelinux3zdt1suse9checkpoint_advisories2redhatcve2f52thn2myhack582saint1