EulerOS 2.0 SP3 : samba (EulerOS-SA-2019-2018)

🗓️ 24 Sep 2019 00:00:00Reported by TenableType

EulerOS 2.0 SP3 samba remote vulnerabilitie

Reporter	Title	Published	Views	Family All 203
IBM Security Bulletins	Security Bulletin: Vulnerability in Open Source Samba affects IBM Netezza Host Management	18 Oct 201903:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability CVE-2019-3880 in Samba affects IBM i	15 Aug 202216:25	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2019-3880)	3 Jun 201910:45	–	ibm
IBM Security Bulletins	Security Bulletin: Samba vulnerability affects IBM Storwize V7000 Unified (CVE-2019-3880)	2 May 201910:15	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.10.2-alt1	11 Apr 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package samba version 4.9.9-alt1	26 Jun 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package samba version 4.10.5-alt1	31 Jul 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 8 package samba-DC version 4.9.10-alt1	16 Jul 201900:00	–	altlinux
FreeBSD	samba -- multiple vulnerabilities	14 May 201900:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : samba (ALAS-2019-1351)	7 Nov 201900:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(129211);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/23");

  script_cve_id("CVE-2019-12435", "CVE-2019-3880");

  script_name(english:"EulerOS 2.0 SP3 : samba (EulerOS-SA-2019-2018)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the samba packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a
    NULL pointer dereference, leading to Denial of Service.
    This is related to the AD DC DNS management server
    (dnsserver) RPC server process.(CVE-2019-12435)

  - A flaw was found in the way samba implemented an RPC
    endpoint emulating the Windows registry service API. An
    unprivileged attacker could use this flaw to create a
    new registry hive file anywhere they have unix
    permissions which could lead to creation of a new file
    in the Samba share.(CVE-2019-3880)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2018
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?73386f1b");
  script_set_attribute(attribute:"solution", value:
"Update the affected samba packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3880");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["libsmbclient-4.6.2-8.h8",
        "libwbclient-4.6.2-8.h8",
        "samba-4.6.2-8.h8",
        "samba-client-4.6.2-8.h8",
        "samba-client-libs-4.6.2-8.h8",
        "samba-common-4.6.2-8.h8",
        "samba-common-libs-4.6.2-8.h8",
        "samba-common-tools-4.6.2-8.h8",
        "samba-libs-4.6.2-8.h8",
        "samba-python-4.6.2-8.h8",
        "samba-winbind-4.6.2-8.h8",
        "samba-winbind-clients-4.6.2-8.h8",
        "samba-winbind-modules-4.6.2-8.h8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
}

23 Apr 2024 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25.5

CVSS 34.2 - 6.5

CVSS 3.15.4

EPSS0.03816