Lucene search

K

GLSA-200712-10 : Samba: Execution of arbitrary code

πŸ—“οΈΒ 11 Dec 2007Β 00:00:00Reported byΒ This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 21Β Views

Samba: Remote code execution vulnerability discovered by Alin Rad Pop with workaround to disable domain logo

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Check Point Advisories
Samba Domain Controller Service Crafted Mailslot Name Buffer Overflow (CVE-2007-6015)
26 Jul 201000:00
–checkpoint_advisories
OpenVAS
SuSE Update for samba SUSE-SA:2007:068
28 Jan 200900:00
–openvas
OpenVAS
Ubuntu Update for samba vulnerability USN-556-1
23 Mar 200900:00
–openvas
OpenVAS
SLES9: Security update for Samba
10 Oct 200900:00
–openvas
OpenVAS
Slackware Advisory SSA:2007-344-01 samba
11 Sep 201200:00
–openvas
OpenVAS
SLES9: Security update for Samba
10 Oct 200900:00
–openvas
OpenVAS
Gentoo Security Advisory GLSA 200712-10 (samba)
24 Sep 200800:00
–openvas
OpenVAS
Debian Security Advisory DSA 1427-1 (samba)
17 Jan 200800:00
–openvas
OpenVAS
Slackware: Security Advisory (SSA:2007-344-01)
10 Sep 201200:00
–openvas
OpenVAS
FreeBSD Ports: samba, samba3, ja-samba
4 Sep 200800:00
–openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200712-10.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(29297);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2007-6015");
  script_bugtraq_id(26791);
  script_xref(name:"GLSA", value:"200712-10");

  script_name(english:"GLSA-200712-10 : Samba: Execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200712-10
(Samba: Execution of arbitrary code)

    Alin Rad Pop (Secunia Research) discovered a boundary checking error in
    the send_mailslot() function which could lead to a stack-based buffer
    overflow.
  
Impact :

    A remote attacker could send a specially crafted 'SAMLOGON' domain
    logon packet, possibly leading to the execution of arbitrary code with
    elevated privileges. Note that this vulnerability is exploitable only
    when domain logon support is enabled in Samba, which is not the case in
    Gentoo's default configuration.
  
Workaround :

    Disable domain logon in Samba by setting 'domain logons = no' in
    the 'global' section of your smb.conf and restart Samba."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200712-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Samba users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.28'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 3.0.28"), vulnerable:make_list("lt 3.0.28"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo