EulerOS Virtualization 2.11.0 samba vulnerabilities CVE-2021-20251, CVE-2022-3437, CVE-2022-38023, CVE-2022-42898, CVE-2022-4514
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | EulerOS Virtualization 2.11.1 : samba (EulerOS-SA-2023-2076) | 7 Jun 202300:00 | – | nessus |
Tenable Nessus | Ubuntu 20.04 LTS / 22.04 LTS : Samba vulnerabilities (USN-5822-1) | 25 Jan 202300:00 | – | nessus |
Tenable Nessus | Ubuntu 20.04 LTS : Samba vulnerabilities (USN-5936-1) | 9 Mar 202300:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-2276) | 4 Jul 202300:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP11 : samba (EulerOS-SA-2023-2300) | 4 Jul 202300:00 | – | nessus |
Tenable Nessus | SUSE SLES15 Security Update : samba (SUSE-SU-2023:0162-1) | 27 Jan 202300:00 | – | nessus |
Tenable Nessus | Fedora 35 : 2:samba (2022-003403ec6b) | 22 Dec 202200:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2023-1898) | 16 May 202300:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2023-1929) | 16 May 202300:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP5 : samba (EulerOS-SA-2023-2168) | 9 Jun 202300:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(176801);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/07");
script_cve_id(
"CVE-2021-20251",
"CVE-2022-3437",
"CVE-2022-38023",
"CVE-2022-42898",
"CVE-2022-45141"
);
script_xref(name:"IAVA", value:"2022-A-0447-S");
script_xref(name:"IAVA", value:"2022-A-0495-S");
script_xref(name:"IAVA", value:"2023-A-0004-S");
script_name(english:"EulerOS Virtualization 2.11.0 : samba (EulerOS-SA-2023-2128)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :
- A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute
force attacks being successful if special conditions are met. (CVE-2021-20251)
- A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and
unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI
library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a
maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)
- Netlogon RPC Elevation of Privilege Vulnerability (CVE-2022-38023)
- PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that
may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit
platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other
platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has 'a similar bug.'
(CVE-2022-42898)
- Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov
8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will
issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-
hmac-sha1-96). (CVE-2022-45141)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2128
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab1fdffb");
script_set_attribute(attribute:"solution", value:
"Update the affected samba packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-45141");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/25");
script_set_attribute(attribute:"patch_publication_date", value:"2023/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsmbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libwbclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-common-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:samba-winbind-modules");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.11.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.11.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"libsmbclient-4.15.3-4.h17.eulerosv2r11",
"libwbclient-4.15.3-4.h17.eulerosv2r11",
"samba-4.15.3-4.h17.eulerosv2r11",
"samba-client-4.15.3-4.h17.eulerosv2r11",
"samba-common-4.15.3-4.h17.eulerosv2r11",
"samba-common-tools-4.15.3-4.h17.eulerosv2r11",
"samba-libs-4.15.3-4.h17.eulerosv2r11",
"samba-winbind-4.15.3-4.h17.eulerosv2r11",
"samba-winbind-clients-4.15.3-4.h17.eulerosv2r11",
"samba-winbind-modules-4.15.3-4.h17.eulerosv2r11"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "samba");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo