Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.DEBIAN_DLA-509.NASL
HistoryJun 10, 2016 - 12:00 a.m.

Debian DLA-509-1 : samba security update

2016-06-1000:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
18

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

The Samba 2:3.6.6-6+deb7u9 release, issued by the DSA-3548-1, introduced different regressions causing trust relationship with Win 7 domains to fail. The fix for the CVE-2016-2115 has been reverted, so administrators should set โ€˜client signing = requiredโ€™ instead.

For Debian 7 โ€˜Wheezyโ€™, these problems have been fixed in version 2:3.6.6-6+deb7u10. More information is available in the NEWS file included in this samba release.

We recommend that you upgrade your samba packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-509-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91548);
  script_version("2.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_name(english:"Debian DLA-509-1 : samba security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Samba 2:3.6.6-6+deb7u9 release, issued by the DSA-3548-1,
introduced different regressions causing trust relationship with Win 7
domains to fail. The fix for the CVE-2016-2115 has been reverted, so
administrators should set 'client signing = required' instead.

For Debian 7 'Wheezy', these problems have been fixed in version
2:3.6.6-6+deb7u10. More information is available in the NEWS file
included in this samba release.

We recommend that you upgrade your samba packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/06/msg00010.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/samba"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-smbpass");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpam-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-common-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:smbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libnss-winbind", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libpam-smbpass", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libpam-winbind", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsmbclient", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libsmbclient-dev", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libwbclient-dev", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"libwbclient0", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-common", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-common-bin", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-dbg", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-doc", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-doc-pdf", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"samba-tools", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"smbclient", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"swat", reference:"2:3.6.6-6+deb7u10")) flag++;
if (deb_check(release:"7.0", prefix:"winbind", reference:"2:3.6.6-6+deb7u10")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibnss-winbindp-cpe:/a:debian:debian_linux:libnss-winbind
debiandebian_linuxlibpam-smbpassp-cpe:/a:debian:debian_linux:libpam-smbpass
debiandebian_linuxlibpam-winbindp-cpe:/a:debian:debian_linux:libpam-winbind
debiandebian_linuxlibsmbclientp-cpe:/a:debian:debian_linux:libsmbclient
debiandebian_linuxlibsmbclient-devp-cpe:/a:debian:debian_linux:libsmbclient-dev
debiandebian_linuxlibwbclient-devp-cpe:/a:debian:debian_linux:libwbclient-dev
debiandebian_linuxlibwbclient0p-cpe:/a:debian:debian_linux:libwbclient0
debiandebian_linuxsambap-cpe:/a:debian:debian_linux:samba
debiandebian_linuxsamba-commonp-cpe:/a:debian:debian_linux:samba-common
debiandebian_linuxsamba-common-binp-cpe:/a:debian:debian_linux:samba-common-bin
Rows per page:
1-10 of 181

Related

ibm 11
openvas 48
debiancve 1
ubuntucve 1
cve 2
debian 3
veracode 1
osv 4
nvd 2
cvelist 2
prion 2
samba 1
f5 2
nessus 51
oraclelinux 5
redhat 8
centos 3
mageia 1
suse 8
altlinux 5
cloudfoundry 1
ubuntu 5
fedora 3
slackware 1
amazon 1
freebsd 1
archlinux 1
symantec 1
gentoo 1
ibm
ibm
Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115)
2019-12-20 08:47:33
Security Bulletin: Samba as used in IBM QRadar SIEM is vulnerable to multiple CVE's. (CVE-2016-2110, CVE-2016-2112, CVE-2016-2115)
2018-06-16 21:44:54
Security Bulletin: Multiple vulnerabilities in Samba โ€“ including Badlock โ€“ affect ProtecTIER
2022-02-16 22:09:18
openvas
openvas
Debian: Security Advisory (DLA-509-1)
2023-03-08 00:00:00
RedHat Update for samba RHSA-2016:0611-01
2016-04-13 00:00:00
RedHat Update for samba RHSA-2016:0621-01
2016-04-13 00:00:00
debiancve
debiancve
CVE-2016-2115
2016-04-25 00:59:06
ubuntucve
ubuntucve
CVE-2016-2115
2016-04-12 00:00:00
cve
cve
CVE-2016-2115
2016-04-25 00:59:06
CVE-2016-0907
2016-05-30 01:59:00
debian
debian
[SECURITY] [DLA 509-1] samba security update
2016-06-09 21:14:33
[SECURITY] [DSA 3548-1] samba security update
2016-04-13 20:42:03
[SECURITY] [DSA 3548-1] samba security update
2016-04-13 20:42:03
veracode
veracode
Man-In-The-Middle (MitM)
2019-05-02 05:28:41
osv
osv
samba - security update
2016-06-09 00:00:00
samba - regression update
2016-04-13 00:00:00
samba - security update
2016-04-13 00:00:00
nvd
nvd
CVE-2016-2115
2016-04-25 00:59:06
CVE-2016-0907
2016-05-30 01:59:00
cvelist
cvelist
CVE-2016-2115
2016-04-25 00:00:00
CVE-2016-0907
2016-05-30 01:00:00
prion
prion
Code injection
2016-04-25 00:59:00
Code injection
2016-05-30 01:59:00
samba
samba
SMB client connections for IPC traffic are not integrity protected
2016-04-12 00:00:00
f5
f5
SOL53313971 - Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115
2016-05-17 00:00:00
K53313971 : Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115
2016-05-17 00:00:00
nessus
nessus
F5 Networks BIG-IP : Samba vulnerabilities (K53313971)
2016-08-30 00:00:00
RHEL 5 : samba (RHSA-2016:0621) (Badlock)
2016-04-13 00:00:00
CentOS 5 : samba (CESA-2016:0621) (Badlock)
2016-04-13 00:00:00
oraclelinux
oraclelinux
samba security update
2016-04-12 00:00:00
samba3x security update
2016-04-12 00:00:00
samba security update
2016-04-12 00:00:00
redhat
redhat
(RHSA-2016:0624) Critical: samba3x security update
2016-04-12 00:00:00
(RHSA-2016:0611) Critical: samba security update
2016-04-13 06:54:34
(RHSA-2016:0613) Critical: samba3x security update
2016-04-12 00:00:00
centos
centos
samba3x security update
2016-04-13 00:27:00
libsmbclient, samba security update
2016-04-13 00:14:40
ctdb, ipa, ldb, libldb, libsmbclient, libtalloc, libtdb, libtevent, libwbclient, openchange, pyldb, pytalloc, python, samba, samba4, tdb security update
2016-04-13 00:13:42
mageia
mageia
Updated samba packages fix security vulnerabilities
2016-04-26 21:02:43
suse
suse
Security update for samba (important)
2016-04-13 14:07:57
Security update for samba (important)
2016-04-13 20:07:50
Security update for samba (important)
2016-04-13 00:11:56
altlinux
altlinux
Security fix for the ALT Linux 7 package samba version 4.4.2-alt1
2016-04-12 00:00:00
Security fix for the ALT Linux 8 package samba version 4.4.2-alt1
2016-04-12 00:00:00
Security fix for the ALT Linux 10 package samba version 4.4.2-alt1
2016-04-12 00:00:00
cloudfoundry
cloudfoundry
Samba and Windows Vulnerabilities | Cloud Foundry
2016-04-14 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2016-04-18 00:00:00
Samba regressions
2016-05-18 00:00:00
libsoup update
2016-05-04 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: samba-4.4.2-1.fc24
2016-04-15 03:20:46
[SECURITY] Fedora 23 Update: samba-4.3.8-0.fc23
2016-04-13 20:24:23
[SECURITY] Fedora 22 Update: samba-4.2.11-0.fc22
2016-04-14 04:23:49
slackware
slackware
[slackware-security] samba
2016-04-15 20:48:27
amazon
amazon
Critical: samba
2016-04-13 11:45:00
freebsd
freebsd
samba -- multiple vulnerabilities
2016-04-12 00:00:00
archlinux
archlinux
samba: multiple issues
2016-04-23 00:00:00
symantec
symantec
SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)
2016-04-15 08:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2016-12-24 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for DEBIAN_DLA-509.NASL
ibm11openvas48debiancve1ubuntucve1cve2debian3veracode1osv4nvd2cvelist2prion2samba1f52nessus51oraclelinux5redhat8centos3mageia1suse8altlinux5cloudfoundry1ubuntu5fedora3slackware1amazon1freebsd1archlinux1symantec1gentoo1