Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2002-081.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : samba (MDKSA-2002:081)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
15
JSON

A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered by the Debian samba maintainers. A bug in the length checking for encrypted password change requests from clients could be exploited using a buffer overrun attack on the smbd stack. This attack would have to crafted in such a way that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code.

This vulnerability has been fixed in samba version 2.2.7, and the updated packages have had a patch applied to fix the problem.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2002:081. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(13979);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2002-1318");
  script_xref(name:"MDKSA", value:"2002:081");

  script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2002:081)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability in samba versions 2.2.2 through 2.2.6 was discovered
by the Debian samba maintainers. A bug in the length checking for
encrypted password change requests from clients could be exploited
using a buffer overrun attack on the smbd stack. This attack would
have to crafted in such a way that converting a DOS codepage string to
little endian UCS2 unicode would translate into an executable block of
code.

This vulnerability has been fixed in samba version 2.2.7, and the
updated packages have had a patch applied to fix the problem."
  );
  # http://www.samba.org/samba/whatsnew/samba-2.2.7.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.samba.org/samba/history/samba-2.2.7.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"samba-2.2.2-3.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"samba-client-2.2.2-3.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"samba-common-2.2.2-3.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"samba-doc-2.2.2-3.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nss_wins-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-client-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-common-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-doc-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-swat-2.2.3a-10.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-winbind-2.2.3a-10.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"nss_wins-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-client-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-common-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-doc-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-server-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-swat-2.2.7-2.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-winbind-2.2.7-2.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxnss_winsp-cpe:/a:mandriva:linux:nss_wins
mandrivalinuxsambap-cpe:/a:mandriva:linux:samba
mandrivalinuxsamba-clientp-cpe:/a:mandriva:linux:samba-client
mandrivalinuxsamba-commonp-cpe:/a:mandriva:linux:samba-common
mandrivalinuxsamba-docp-cpe:/a:mandriva:linux:samba-doc
mandrivalinuxsamba-serverp-cpe:/a:mandriva:linux:samba-server
mandrivalinuxsamba-swatp-cpe:/a:mandriva:linux:samba-swat
mandrivalinuxsamba-winbindp-cpe:/a:mandriva:linux:samba-winbind
mandrakesoftmandrake_linux8.1cpe:/o:mandrakesoft:mandrake_linux:8.1
mandrakesoftmandrake_linux8.2cpe:/o:mandrakesoft:mandrake_linux:8.2
Rows per page:
1-10 of 111

Related

cve 1
nessus 2
openvas 2
osv 1
debiancve 1
suse 1
zdt 1
cert 2
cve
cve
CVE-2002-1318
2002-12-11 05:00:00
nessus
nessus
Samba Encrypted Password String Conversion Decryption Overflow
2002-11-25 00:00:00
Debian DSA-200-1 : samba - remote exploit
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 200-1 (samba)
2008-01-17 00:00:00
Debian Security Advisory DSA 200-1 (samba)
2008-01-17 00:00:00
osv
osv
samba - remote exploit
2002-11-22 00:00:00
debiancve
debiancve
CVE-2002-1318
2002-12-11 05:00:00
suse
suse
possible remote code execution in samba
2002-11-20 17:05:56
zdt
zdt
Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow Exploit
2017-03-23 00:00:00
cert
cert
Samba contains a remotely exploitable stack buffer overflow
2002-12-13 00:00:00
Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records
2002-06-28 00:00:00
JSON
Related for MANDRAKE_MDKSA-2002-081.NASL
cve1nessus2openvas2osv1debiancve1suse1zdt1cert2