Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2004-131.NASL
HistoryNov 13, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : samba (MDKSA-2004:131)

2004-11-1300:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
9

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.052 Low

EPSS

Percentile

93.0%

JSON

Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles which would impact the performance and response of the server. In some cases it could also cause the server to become entirely unresponsive.

The updated packages are patched to prevent this problem with patches from the Samba team. This vulnerability is fixed in samba 3.0.8.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2004:131. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15699);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0930");
  script_xref(name:"MDKSA", value:"2004:131");

  script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2004:131)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Karol Wiesek discovered a bug in the input validation routines in
Samba 3.x used to match filename strings containing wildcard
characters. This bug may allow a user to consume more than normal
amounts of CPU cycles which would impact the performance and response
of the server. In some cases it could also cause the server to become
entirely unresponsive.

The updated packages are patched to prevent this problem with patches
from the Samba team. This vulnerability is fixed in samba 3.0.8."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smbclient0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmbclient0-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-passdb-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-clamav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-vscan-icap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64smbclient0-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64smbclient0-devel-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64smbclient0-static-devel-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsmbclient0-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsmbclient0-devel-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"nss_wins-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-client-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-common-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-doc-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-passdb-mysql-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-passdb-pgsql-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-passdb-xml-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-server-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-swat-3.0.6-4.2.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"samba-winbind-3.0.6-4.2.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64smbclient0-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64smbclient0-devel-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64smbclient0-static-devel-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libsmbclient0-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libsmbclient0-devel-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libsmbclient0-static-devel-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"nss_wins-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-client-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-common-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-doc-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-passdb-mysql-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-passdb-pgsql-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-passdb-xml-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-server-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-swat-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-vscan-clamav-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-vscan-icap-3.0.7-2.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"samba-winbind-3.0.7-2.1.101mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64smbclient0p-cpe:/a:mandriva:linux:lib64smbclient0
mandrivalinuxlib64smbclient0-develp-cpe:/a:mandriva:linux:lib64smbclient0-devel
mandrivalinuxlib64smbclient0-static-develp-cpe:/a:mandriva:linux:lib64smbclient0-static-devel
mandrivalinuxlibsmbclient0p-cpe:/a:mandriva:linux:libsmbclient0
mandrivalinuxlibsmbclient0-develp-cpe:/a:mandriva:linux:libsmbclient0-devel
mandrivalinuxlibsmbclient0-static-develp-cpe:/a:mandriva:linux:libsmbclient0-static-devel
mandrivalinuxnss_winsp-cpe:/a:mandriva:linux:nss_wins
mandrivalinuxsamba-clientp-cpe:/a:mandriva:linux:samba-client
mandrivalinuxsamba-commonp-cpe:/a:mandriva:linux:samba-common
mandrivalinuxsamba-docp-cpe:/a:mandriva:linux:samba-doc
Rows per page:
1-10 of 201

Related

nessus 33
openvas 8
ubuntucve 1
samba 1
cvelist 1
freebsd 1
ubuntu 1
debiancve 1
securityvulns 1
cve 1
nvd 1
gentoo 1
redhat 1
suse 1
nessus
nessus
FreeBSD : samba -- potential remote DoS vulnerability (ba13dc13-340d-11d9-ac1b-000d614f7fad)
2009-04-23 00:00:00
Ubuntu 4.10 : samba vulnerability (USN-22-1)
2006-01-15 00:00:00
FreeBSD : samba -- potential remote DoS vulnerability (175)
2004-11-23 00:00:00
openvas
openvas
FreeBSD Ports: samba
2008-09-04 00:00:00
SLES9: Security update for samba
2009-10-10 00:00:00
SLES9: Security update for samba
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2004-0930
2005-01-27 00:00:00
samba
samba
Potential Remote Denial of Service
2004-11-08 00:00:00
cvelist
cvelist
CVE-2004-0930
2004-11-19 05:00:00
freebsd
freebsd
samba -- potential remote DoS vulnerability
2004-09-30 00:00:00
ubuntu
ubuntu
samba vulnerability
2004-11-10 00:00:00
debiancve
debiancve
CVE-2004-0930
2005-01-27 05:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 11.08.04: Samba SMBD Remote Denial of Service Vulnerability
2004-11-10 00:00:00
cve
cve
CVE-2004-0930
2005-01-27 05:00:00
nvd
nvd
CVE-2004-0930
2005-01-27 05:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2004-11-11 00:00:00
redhat
redhat
(RHSA-2004:632) samba security update
2004-11-16 00:00:00
suse
suse
potential remote buffer overflow in samba
2004-11-15 22:07:05

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.052 Low

EPSS

Percentile

93.0%

JSON
Related for MANDRAKE_MDKSA-2004-131.NASL
nessus33openvas8ubuntucve1samba1cvelist1freebsd1ubuntu1debiancve1securityvulns1cve1nvd1gentoo1redhat1suse1