
Debian DSA-1908-1 : samba - several vulnerabilities

Debian Samba vulnerabilities: SMB/CIFS, file sharing, denial of service

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1908. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. When the scanner loads the script with `description`
# set, only this block runs: it records the plugin's metadata and leaves via
# exit(0) before any of the package checks further down are reached.
if (description)
{
  script_id(44773);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # Identifiers this plugin maps to: three CVEs, their Bugtraq IDs and the
  # Debian advisory number.
  script_cve_id("CVE-2009-2813", "CVE-2009-2906", "CVE-2009-2948");
  script_bugtraq_id(36363, 36572, 36573);
  script_xref(name:"DSA", value:"1908");

  script_name(english:"Debian DSA-1908-1 : samba - several vulnerabilities");
  # The finding is derived from the installed package list (dpkg output), not
  # from probing the Samba service over the network.
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  # Advisory text reproduced from DSA-1908 (see the file header). It covers a
  # local file-disclosure issue in mount.cifs, a remote denial of service and
  # a share-restriction bypass.
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in samba, an
implementation of the SMB/CIFS protocol for Unix systems, providing
support for cross-platform file and printer sharing with other
operating systems and more. The Common Vulnerabilities and Exposures
project identifies the following problems :

  - CVE-2009-2948
    The mount.cifs utility is missing proper checks for file
    permissions when used in verbose mode. This allows local
    users to partly disclose the content of arbitrary files
    by specifying the file as credentials file and
    attempting to mount a samba share.

  - CVE-2009-2906
    A reply to an oplock break notification which samba
    doesn't expect could lead to the service getting stuck
    in an infinite loop. An attacker can use this to perform
    denial of service attacks via a specially crafted SMB
    request.

  - CVE-2009-2813
    A lack of error handling in case no home directory was
    configured/specified for the user could lead to file
    disclosure. In case the automated [homes] share is
    enabled or an explicit share is created with that
    username, samba fails to enforce sharing restrictions
    which results in an attacker being able to access the
    file system from the root directory."
  );
  # Reference links: one Debian security-tracker page per CVE, plus the
  # advisory itself.
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-2813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1908"
  );
  # NOTE(review): the solution text says the oldstable (etch) fix was still
  # pending, and the package checks later in this file only test release
  # "5.0" (lenny). An etch host is therefore never flagged by this plugin;
  # a clean result on etch says nothing about its exposure.
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the samba packages.

For the oldstable distribution (etch), this problem will be fixed
soon.

For the stable distribution (lenny), this problem has been fixed in
version 2:3.2.5-4lenny7."
  );
  # A single CVSS v2 base vector is recorded for the whole plugin although it
  # covers three CVEs: network access, medium complexity, single
  # authentication, partial impact on confidentiality, integrity and
  # availability. Per-CVE scores are not given in this file.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  # Temporal vector: exploitability unproven, official fix available, report
  # confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # Exploit status as recorded in the plugin (last modified 2021/01/04);
  # confirm against current intelligence before using it for prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-264: Permissions, Privileges, and Access Controls.
  script_cwe_id(264);

  # "local" plugin type: the check depends on data collected from the host
  # itself (see the required KB keys below).
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # Scheduling prerequisites: ssh_get_info.nasl is declared as a dependency,
  # and the three KB keys listed here are the same ones the guard statements
  # after this block read before any package is compared.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Registration ends here; nothing below runs in description mode.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions for a credentialed package check. Each missing KB item is
# handed to audit() (defined in audit.inc, not shown here; presumably it ends
# the plugin with that reason). A run that stops at one of these guards has
# not evaluated the host, so the absence of a finding is not evidence that
# the host is patched.

# Local (authenticated) checks must be enabled for this scan.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The target must have been identified as a Debian host.
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}

# The installed-package list (dpkg -l output) must have been collected.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Binary packages named by this plugin for DSA-1908-1, in the order they are
# checked. Only release "5.0" (lenny) is compared; no other Debian release is
# evaluated here.
dsa_pkgs = make_list(
  "libpam-smbpass",
  "libsmbclient",
  "libsmbclient-dev",
  "libwbclient0",
  "samba",
  "samba-common",
  "samba-dbg",
  "samba-doc",
  "samba-doc-pdf",
  "samba-tools",
  "smbclient",
  "smbfs",
  "swat",
  "winbind"
);

# flag counts the packages for which deb_check() returns true. deb_check()
# comes from debian_package.inc (not shown); it is given the release, the
# package name and the fixed version 2:3.2.5-4lenny7 as the reference.
flag = 0;
foreach dsa_pkg (dsa_pkgs)
{
  if (deb_check(release:"5.0", prefix:dsa_pkg, reference:"2:3.2.5-4lenny7"))
  {
    flag++;
  }
}

if (!flag)
{
  # No package matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # At least one package matched: raise a warning-level finding. The package
  # detail from deb_report_get() is attached only when report verbosity is
  # above zero.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:deb_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
