Lucene search

HistoryNov 14, 2019 - 12:00 a.m.

Fedora 31 : 2:samba (2019-57d43f3b58)

2019-11-1400:00:00

www.tenable.com

6.5 Medium

AI Score

Confidence

High

JSON

Update code to deal with removal of DES support in MIT Kerberos.

Update to Samba 4.11.2 - Security fixes for CVE-2019-10218, CVE-2019-14833

Since MIT Kerberos deprecated use of DES encryption type, restore Samba AD domain controller functionality by not using DES encryption keys. Only AES and RC4 keys would work.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-57d43f3b58.
#

include('compat.inc');

if (description)
{
  script_id(130987);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2019-10218", "CVE-2019-14833");
  script_xref(name:"FEDORA", value:"2019-57d43f3b58");

  script_name(english:"Fedora 31 : 2:samba (2019-57d43f3b58)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Update code to deal with removal of DES support in MIT Kerberos.

----

Update to Samba 4.11.2 - Security fixes for CVE-2019-10218,
CVE-2019-14833

----

Since MIT Kerberos deprecated use of DES encryption type, restore
Samba AD domain controller functionality by not using DES encryption
keys. Only AES and RC4 keys would work.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-57d43f3b58");
  script_set_attribute(attribute:"solution", value:
"Update the affected 2:samba package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14833");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-10218");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"samba-4.11.2-1.fc31", epoch:"2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:samba");
}

VendorProductVersionCPE
fedoraprojectfedora2p-cpe:/a:fedoraproject:fedora:2:samba
fedoraprojectfedora31cpe:/o:fedoraproject:fedora:31

Vendor	Product	Version	CPE
fedoraproject	fedora	2	p-cpe:/a:fedoraproject:fedora:2:samba
fedoraproject	fedora	31	cpe:/o:fedoraproject:fedora:31

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833

bodhi.fedoraproject.org/updates/FEDORA-2019-57d43f3b58

6.5 Medium

AI Score

Confidence

High

JSON

Related for FEDORA_2019-57D43F3B58.NASL