Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1413.NASL
HistoryApr 18, 2022 - 12:00 a.m.

EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413)

2022-04-1800:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
    (CVE-2016-2124)

  • A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. (CVE-2020-25717)

  • A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)

  • A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name- based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. (CVE-2020-25719)

  • Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
    (CVE-2020-25721)

  • Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)

  • A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
    (CVE-2021-3671)

  • In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called ‘association groups’. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid ‘struct session_info’. The most likely outcome here is a crash, but it is possible that the use- after-free could instead allow different user state to be pointed at and this might allow more privileged access. (CVE-2021-3738)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159868);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/11/08");

  script_cve_id(
    "CVE-2016-2124",
    "CVE-2020-25717",
    "CVE-2020-25718",
    "CVE-2020-25719",
    "CVE-2020-25721",
    "CVE-2020-25722",
    "CVE-2021-3671",
    "CVE-2021-3738"
  );
  script_xref(name:"IAVA", value:"2021-A-0554-S");

  script_name(english:"EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to
    retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
    (CVE-2016-2124)

  - A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use
    this flaw to cause possible privilege escalation. (CVE-2020-25717)

  - A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC
    (read-only domain controller). This would allow an RODC to print administrator tickets. (CVE-2020-25718)

  - A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-
    based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did
    not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total
    domain compromise. (CVE-2020-25719)

  - Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now
    provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
    (CVE-2020-25721)

  - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored
    data. An attacker could use this flaw to cause total domain compromise. (CVE-2020-25722)

  - A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ
    (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
    (CVE-2021-3671)

  - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections
    via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb
    database. However while the database was correctly shared, the user credentials state was only pointed at,
    and when one connection within that association group ended, the database would be left pointing at an
    invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-
    after-free could instead allow different user state to be pointed at and this might allow more privileged
    access. (CVE-2021-3738)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1413
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?518bc7dc");
  script_set_attribute(attribute:"solution", value:
"Update the affected samba packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25719");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-3738");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.0");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "samba-client-4.11.12-3.h9.eulerosv2r10",
  "samba-common-4.11.12-3.h9.eulerosv2r10",
  "samba-common-tools-4.11.12-3.h9.eulerosv2r10",
  "samba-libs-4.11.12-3.h9.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
}
VendorProductVersionCPE
huaweieulerossamba-clientp-cpe:/a:huawei:euleros:samba-client
huaweieulerossamba-commonp-cpe:/a:huawei:euleros:samba-common
huaweieulerossamba-common-toolsp-cpe:/a:huawei:euleros:samba-common-tools
huaweieulerossamba-libsp-cpe:/a:huawei:euleros:samba-libs
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.10.0

Related

nessus 62
ubuntu 5
osv 18
fedora 5
freebsd 1
altlinux 2
mageia 2
debian 3
cisa 1
suse 5
cloudfoundry 2
samba 6
redhat 11
oraclelinux 4
centos 2
almalinux 2
rocky 2
amazon 3
veracode 6
debiancve 7
cnvd 6
redhatcve 7
ubuntucve 6
cve 7
alpinelinux 7
prion 7
cbl_mariner 6
f5 2
ibm 2
nessus
nessus
EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1258)
2022-02-25 00:00:00
EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-1387)
2022-04-18 00:00:00
EulerOS 2.0 SP10 : samba (EulerOS-SA-2022-1246)
2022-02-25 00:00:00
ubuntu
ubuntu
Samba regressions
2021-12-06 00:00:00
Samba vulnerabilities
2021-11-11 00:00:00
Samba regression
2021-12-13 00:00:00
osv
osv
samba vulnerabilities
2021-11-11 13:02:13
samba regression
2021-12-13 19:47:42
samba regressions
2021-12-06 14:57:18
fedora
fedora
[SECURITY] Fedora 34 Update: libldb-2.3.2-1.fc34
2021-12-01 01:14:11
[SECURITY] Fedora 34 Update: samba-4.14.10-2.fc34
2021-12-01 01:14:11
[SECURITY] Fedora 35 Update: freeipa-4.9.7-4.fc35
2021-11-19 01:16:31
freebsd
freebsd
samba -- Multiple Vulnerabilities
2021-11-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.10-alt1
2021-11-07 00:00:00
Security fix for the ALT Linux 10 package samba version 4.14.8-alt1
2021-10-20 00:00:00
mageia
mageia
Updated samba packages fix security vulnerability
2021-12-26 03:14:13
Updated heimdal packages fix security vulnerability
2021-12-08 23:04:18
debian
debian
[SECURITY] [DSA 5003-1] samba security update
2021-11-09 18:46:42
[SECURITY] [DSA 5003-1] samba security update
2021-11-09 18:46:42
[SECURITY] [DSA 5015-1] samba security update
2021-11-30 12:19:55
cisa
cisa
Samba Releases Security Updates
2021-11-09 00:00:00
suse
suse
Security update for samba and ldb (important)
2021-11-10 00:00:00
Security update for samba (important)
2021-11-16 00:00:00
Security update for samba (important)
2021-11-15 00:00:00
cloudfoundry
cloudfoundry
USN-5174-2: Samba regression | Cloud Foundry
2022-01-20 00:00:00
USN-5174-1: Samba vulnerabilities | Cloud Foundry
2022-01-20 00:00:00
samba
samba
Kerberos acceptors need easy access to stable
2021-11-09 00:00:00
Samba AD DC did not do suffienct access and
2021-11-09 00:00:00
Samba AD DC did not always rely on the SID
2021-11-09 00:00:00
redhat
redhat
(RHSA-2021:4844) Important: samba security update
2021-11-29 12:29:25
(RHSA-2022:0074) Important: samba security update
2022-01-11 09:08:04
(RHSA-2021:5192) Important: samba security and bug fix update
2021-12-16 16:19:48
oraclelinux
oraclelinux
samba security and bug fix update
2021-12-17 00:00:00
samba security update
2021-12-14 00:00:00
idm:DL1 security update
2021-12-16 00:00:00
centos
centos
ctdb, libsmbclient, libwbclient, samba security update
2021-12-21 21:39:51
ipa, python2 security update
2021-12-21 21:37:58
almalinux
almalinux
Important: samba security update
2021-12-13 08:15:38
Moderate: idm:DL1 security update
2021-12-15 07:39:49
rocky
rocky
samba security update
2021-12-13 08:15:38
idm:DL1 security update
2021-12-15 07:39:49
amazon
amazon
Critical: samba
2022-02-03 19:29:00
Critical: samba
2022-02-10 21:59:00
Important: ipa
2023-07-17 17:40:00
veracode
veracode
Authentication Bypass
2021-11-12 15:18:26
CVE-2020-25722
2021-11-12 15:18:24
Total Domain Compromise
2021-11-12 15:19:39
debiancve
debiancve
CVE-2020-25718
2022-02-18 18:15:00
CVE-2020-25722
2022-02-18 18:15:00
CVE-2020-25719
2022-02-18 18:15:00
cnvd
cnvd
Samba Licensing Issue Vulnerability (CNVD-2022-15499)
2021-11-12 00:00:00
Samba permission permission and access control issue vulnerability (CNVD-2022-15498)
2021-11-12 00:00:00
Samba Security Bypass Vulnerability (CNVD-2022-15500)
2021-11-12 00:00:00
redhatcve
redhatcve
CVE-2020-25721
2021-11-10 03:58:30
CVE-2020-25718
2021-11-10 03:32:36
CVE-2020-25719
2021-11-10 03:28:05
ubuntucve
ubuntucve
CVE-2020-25721
2021-11-09 00:00:00
CVE-2020-25718
2021-11-09 00:00:00
CVE-2020-25722
2021-11-09 00:00:00
cve
cve
CVE-2020-25718
2022-02-18 18:15:00
CVE-2020-25719
2022-02-18 18:15:00
CVE-2020-25721
2022-03-16 15:15:00
alpinelinux
alpinelinux
CVE-2020-25722
2022-02-18 18:15:00
CVE-2020-25719
2022-02-18 18:15:00
CVE-2020-25718
2022-02-18 18:15:00
prion
prion
Design/Logic Flaw
2022-02-18 18:15:00
Design/Logic Flaw
2022-02-18 18:15:00
Design/Logic Flaw
2022-02-18 18:15:00
cbl_mariner
cbl_mariner
CVE-2020-25719 affecting package samba 4.12.5-5
2024-04-18 09:20:20
CVE-2020-25718 affecting package samba 4.12.5-5
2024-04-18 09:20:20
CVE-2020-25722 affecting package samba 4.12.5-5
2024-04-18 09:20:20
f5
f5
K75547109 : Samba vulnerability CVE-2020-25717
2022-02-09 00:00:00
K86005324 : Samba vulnerability CVE-2016-2124
2022-02-07 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2020-25717)
2022-04-27 11:02:22
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2016-2124)
2022-03-21 13:37:16
JSON
Related for EULEROS_SA-2022-1413.NASL
nessus62ubuntu5osv18fedora5freebsd1altlinux2mageia2debian3cisa1suse5cloudfoundry2samba6redhat11oraclelinux4centos2almalinux2rocky2amazon3veracode6debiancve7cnvd6redhatcve7ubuntucve6cve7alpinelinux7prion7cbl_mariner6f52ibm2