Samba: Remote code execution vulnerability discovered by Alin Rad Pop with workaround to disable domain logo
Reporter | Title | Published | Views | Family All 123 |
---|---|---|---|---|
Check Point Advisories | Samba Domain Controller Service Crafted Mailslot Name Buffer Overflow (CVE-2007-6015) | 26 Jul 201000:00 | β | checkpoint_advisories |
OpenVAS | SuSE Update for samba SUSE-SA:2007:068 | 28 Jan 200900:00 | β | openvas |
OpenVAS | Ubuntu Update for samba vulnerability USN-556-1 | 23 Mar 200900:00 | β | openvas |
OpenVAS | SLES9: Security update for Samba | 10 Oct 200900:00 | β | openvas |
OpenVAS | Slackware Advisory SSA:2007-344-01 samba | 11 Sep 201200:00 | β | openvas |
OpenVAS | SLES9: Security update for Samba | 10 Oct 200900:00 | β | openvas |
OpenVAS | Gentoo Security Advisory GLSA 200712-10 (samba) | 24 Sep 200800:00 | β | openvas |
OpenVAS | Debian Security Advisory DSA 1427-1 (samba) | 17 Jan 200800:00 | β | openvas |
OpenVAS | Slackware: Security Advisory (SSA:2007-344-01) | 10 Sep 201200:00 | β | openvas |
OpenVAS | FreeBSD Ports: samba, samba3, ja-samba | 4 Sep 200800:00 | β | openvas |
Source | Link |
---|---|
security | www.security.gentoo.org/glsa/200712-10 |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200712-10.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(29297);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2007-6015");
script_bugtraq_id(26791);
script_xref(name:"GLSA", value:"200712-10");
script_name(english:"GLSA-200712-10 : Samba: Execution of arbitrary code");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200712-10
(Samba: Execution of arbitrary code)
Alin Rad Pop (Secunia Research) discovered a boundary checking error in
the send_mailslot() function which could lead to a stack-based buffer
overflow.
Impact :
A remote attacker could send a specially crafted 'SAMLOGON' domain
logon packet, possibly leading to the execution of arbitrary code with
elevated privileges. Note that this vulnerability is exploitable only
when domain logon support is enabled in Samba, which is not the case in
Gentoo's default configuration.
Workaround :
Disable domain logon in Samba by setting 'domain logons = no' in
the 'global' section of your smb.conf and restart Samba."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200712-10"
);
script_set_attribute(
attribute:"solution",
value:
"All Samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-fs/samba-3.0.28'"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:samba");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/12/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"net-fs/samba", unaffected:make_list("ge 3.0.28"), vulnerable:make_list("lt 3.0.28"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Samba");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo