Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2018-1883.NASL
HistoryJun 22, 2018 - 12:00 a.m.

CentOS 6 : samba4 (CESA-2018:1883)

2018-06-2200:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.

Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es) :

  • samba: NULL pointer indirection in printer server process (CVE-2018-1050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Samba project for reporting this issue.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2018:1883 and 
# CentOS Errata and Security Advisory 2018:1883 respectively.
#

include("compat.inc");

if (description)
{
  script_id(110649);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/10");

  script_cve_id("CVE-2018-1050");
  script_xref(name:"RHSA", value:"2018:1883");

  script_name(english:"CentOS 6 : samba4 (CESA-2018:1883)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Low. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link (s) in the References section.

Samba is an open source implementation of the Server Message Block
(SMB) or Common Internet File System (CIFS) protocol, which allows
PC-compatible machines to share files, printers, and other
information.

Security Fix(es) :

* samba: NULL pointer indirection in printer server process
(CVE-2018-1050)

For more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.

Red Hat would like to thank the Samba project for reporting this
issue.

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10
Technical Notes linked from the References section."
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2018-June/005294.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0b205960"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected samba4 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1050");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-dc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-dc-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-pidl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:samba4-winbind-krb5-locator");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-6", reference:"samba4-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-client-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-common-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-dc-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-dc-libs-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-devel-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-libs-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-pidl-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-python-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-test-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-clients-4.2.10-15.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"samba4-winbind-krb5-locator-4.2.10-15.el6")) flag++;


if (flag)
{
  cr_plugin_caveat = '\n' +
    'NOTE: The security advisory associated with this vulnerability has a\n' +
    'fixed package version that may only be available in the continuous\n' +
    'release (CR) repository for CentOS, until it is present in the next\n' +
    'point release of CentOS.\n\n' +

    'If an equal or higher package level does not exist in the baseline\n' +
    'repository for your major version of CentOS, then updates from the CR\n' +
    'repository will need to be applied in order to address the\n' +
    'vulnerability.\n';
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get() + cr_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba4 / samba4-client / samba4-common / samba4-dc / samba4-dc-libs / etc");
}
VendorProductVersionCPE
centoscentossamba4p-cpe:/a:centos:centos:samba4
centoscentossamba4-clientp-cpe:/a:centos:centos:samba4-client
centoscentossamba4-commonp-cpe:/a:centos:centos:samba4-common
centoscentossamba4-dcp-cpe:/a:centos:centos:samba4-dc
centoscentossamba4-dc-libsp-cpe:/a:centos:centos:samba4-dc-libs
centoscentossamba4-develp-cpe:/a:centos:centos:samba4-devel
centoscentossamba4-libsp-cpe:/a:centos:centos:samba4-libs
centoscentossamba4-pidlp-cpe:/a:centos:centos:samba4-pidl
centoscentossamba4-pythonp-cpe:/a:centos:centos:samba4-python
centoscentossamba4-testp-cpe:/a:centos:centos:samba4-test
Rows per page:
1-10 of 141

Related

nessus 40
veracode 1
openvas 25
osv 4
oraclelinux 3
prion 1
redhat 5
cbl_mariner 1
ubuntu 2
checkpoint_advisories 1
redhatcve 1
centos 3
samba 1
alpinelinux 1
debian 4
ubuntucve 1
debiancve 1
ibm 3
f5 1
cve 1
altlinux 6
cisa 1
thn 1
fedora 7
threatpost 1
freebsd 1
archlinux 1
mageia 1
amazon 2
gentoo 1
nessus
nessus
Oracle Linux 6 : samba4 (ELSA-2018-1883)
2018-06-27 00:00:00
NewStart CGSL MAIN 4.05 : samba Vulnerability (NS-SA-2019-0134)
2019-08-12 00:00:00
SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2018:0832-1)
2018-03-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:30
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:0754-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0832-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3595-2)
2022-08-26 00:00:00
osv
osv
samba - security update
2018-03-27 00:00:00
CVE-2018-1050
2018-03-13 16:29:00
samba - security update
2018-03-13 00:00:00
oraclelinux
oraclelinux
samba4 security and bug fix update
2018-06-25 00:00:00
samba security, bug fix, and enhancement update
2018-11-05 00:00:00
samba security and bug fix update
2018-06-25 00:00:00
prion
prion
Design/Logic Flaw
2018-03-13 16:29:00
redhat
redhat
(RHSA-2018:1860) Low: samba security and bug fix update
2018-06-19 02:11:16
(RHSA-2018:1883) Low: samba4 security and bug fix update
2018-06-19 02:11:50
(RHSA-2018:2612) Moderate: samba security, bug fix and enhancement update
2018-09-04 06:19:17
cbl_mariner
cbl_mariner
CVE-2018-1050 affecting package samba 4.12.5-4
2024-05-08 21:08:41
ubuntu
ubuntu
Samba vulnerability
2018-03-23 00:00:00
Samba vulnerabilities
2018-03-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Samba Printer Server spoolss Denial Of Service (CVE-2018-1050)
2018-06-03 00:00:00
redhatcve
redhatcve
CVE-2018-1050
2019-10-09 10:03:19
centos
centos
libsmbclient, samba security update
2018-06-21 11:56:04
samba4 security update
2018-06-21 11:56:05
ctdb, libsmbclient, libwbclient, samba security update
2018-12-14 16:36:48
samba
samba
Denial of Service Attack on external print server.
2018-03-13 00:00:00
alpinelinux
alpinelinux
CVE-2018-1050
2018-03-13 16:29:00
debian
debian
[SECURITY] [DLA 1320-1] samba security update
2018-03-27 22:36:44
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:50:11
[SECURITY] [DSA 4135-1] samba security update
2018-03-13 09:49:45
ubuntucve
ubuntucve
CVE-2018-1050
2018-03-13 00:00:00
debiancve
debiancve
CVE-2018-1050
2018-03-13 16:29:00
ibm
ibm
Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050)
2018-10-17 12:20:01
Security Bulletin: Public disclosed vulnerability from Samba affect IBM Netezza Host Management
2019-10-18 03:36:34
Security Bulletin: Multiple Vulnerabilities in Samba affect IBM i
2019-12-18 14:26:38
f5
f5
K01494912 : Samba vulnerability CVE-2018-1050
2020-12-17 00:00:00
cve
cve
CVE-2018-1050
2018-03-13 16:29:00
altlinux
altlinux
Security fix for the ALT Linux 8 package samba version 4.6.14-alt1.1
2018-03-15 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.6.14-alt1.1
2018-03-15 00:00:00
Security fix for the ALT Linux 10 package samba version 4.6.14-alt1.S1
2018-03-12 00:00:00
cisa
cisa
Samba Releases Security Updates
2018-03-13 00:00:00
thn
thn
Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities
2018-03-13 10:05:00
fedora
fedora
[SECURITY] Fedora 27 Update: samba-4.7.6-0.fc27
2018-03-14 19:40:44
[SECURITY] Fedora 27 Update: libldb-1.3.2-1.fc27
2018-03-14 19:40:43
[SECURITY] Fedora 26 Update: samba-4.6.14-0.fc26
2018-03-20 17:38:39
threatpost
threatpost
Samba Patches Two Critical Vulnerabilities in Server Software
2018-03-13 12:56:17
freebsd
freebsd
samba -- multiple vulnerabilities
2018-01-03 00:00:00
archlinux
archlinux
[ASA-201803-10] samba: multiple issues
2018-03-13 00:00:00
mageia
mageia
Updated samba packages fix security vulnerabilities
2018-04-13 23:08:48
amazon
amazon
Medium: samba
2018-12-13 20:13:00
Medium: samba
2019-01-22 17:55:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2018-05-22 00:00:00
JSON
Related for CENTOS_RHSA-2018-1883.NASL
nessus40veracode1openvas25osv4oraclelinux3prion1redhat5cbl_mariner1ubuntu2checkpoint_advisories1redhatcve1centos3samba1alpinelinux1debian4ubuntucve1debiancve1ibm3f51cve1altlinux6cisa1thn1fedora7threatpost1freebsd1archlinux1mageia1amazon2gentoo1